Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1022	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Outbacker MXP (Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB and 1.0 Outbacker MXP 320 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/10/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: N/A Multi-chip standalone "Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021	CoCo Communications Corporation 999 3rd Ave, Suite 3700 Seattle, WA 98104 USA -Jeff Meyer TEL: 206-284-9387 FAX: 206-770-6461 -Mikhail Voloshin TEL: 206-812-5735 FAX: 206-770-6461	The CoCo Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720) -Other algorithms: Diffie-Hellman; SSLeay RNG Multi-chip standalone "The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS and A5000_2.4.8.22-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A800_3.1.1.7-FIPS and A5000_3.1.1.7-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure Services Client FIPS Module (Software Version: 1.0.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410) -Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman Multi-chip standalone "The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015	Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000 FAX: 859-232-3120	Lexmark Encryption Plug-In (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S2500 (Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C [1]; Firmware Versions: XS-15.1.0.75 [1], XS-15.1.0.76 [1] and XS-15.2.0.20 [1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S6000 (Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2] and GS-15.2.0.20 [1, 2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.4313) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-669	Revenector2008 (Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: RSA (Cert. #365); SHS (Cert. #765) -Other algorithms: N/A Multi-chip embedded "Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Code Integrity (ci.dll) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Winload OS Loader (winload.exe) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6001.18000) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6001.22202) (When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Mark Otto TEL: 408-447-3422 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4; RC2 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E7500 (Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.1.2600.5512) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) -Other algorithms: DES; MD5; HMAC MD5 Multi-chip standalone "FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC (Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 1200 (Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 50 (Hardware Version: 50; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
992	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 4500, NSA 5000 and NSA E5500 (Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0; (PIV Card Application: Cert. #12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
990	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits); MD5; RC2; RC4 Multi-chip standalone "The Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, TDES, DSA) in a cryptographic module accessible via the Microsoft CryptoAPI."
989	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows XP Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.1.2600.5507) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed) -Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHS, DES, TDES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
988	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP Passport (Hardware Versions: 4.3 Stealth MXP Passport Versions MUS3083C-FIPS, MUS3083D-FIPS, MUS3083E-FIPS, MUS3083F-FIPS, MUS3083G-FIPS, MUS3083E-MLCFIPS, MUS3083F-MLC-FIPS, MUS3083G-MLC-FIPS and MUS3083H-MLC-FIPS and 4.4 Stealth MXP Passport Versions MUS3086C-FIPS, MUS3086D-FIPS, MUS3086E-FIPS, MUS3086F-FIPS, MUS3086G-FIPS, MUS3086E-MLC-FIPS, MUS3086F-MLC-FIPS, MUS3086G-MLC-FIPS and MUS3086H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services"
987	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP (Hardware Versions: 4.3 Stealth MXP Versions MUS3082C-FIPS, MUS3082D-FIPS, MUS3082E-FIPS, MUS3082F-FIPS, MUS3082G-FIPS, MUS3082E-MLCFIPS, MUS3082F-MLC-FIPS, MUS3082G-MLC-FIPS and MUS3082H-MLC-FIPS and 4.4 Stealth MXP Versions MUS3085C-FIPS, MUS3085D-FIPS, MUS3085E-FIPS, MUS3085F-FIPS, MUS3085G-FIPS, MUS3085E-MLCFIPS, MUS3085F-MLC-FIPS, MUS3085G-MLC-FIPS and MUS3085H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/24/2008; 08/22/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
986	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.32a) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	07/24/2008	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8300 with BlackBerry OS Version 4.5 -FIPS-approved algorithms: Triple-DES (Cert. #671); AES (Certs. #774 and #775); SHS (Cert. #777); HMAC (Cert. #423); RSA (Cert. #367); RNG (Cert. #444); ECDSA (Cert. #85) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
985	Route1® Inc. 155 University Avenue Suite 1920 Toronto, ON M5H 3B7 Canada -Jerry S. Iwanski TEL: 416-848-8391 -Jeff Denberg TEL: 416-848-8391	Route1® FIPS Cryptographic Module (Software Version: 2.1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/17/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 SP1 (32-bit x86 - VC8.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #673); DSA (Cert. #254); ECDSA (Cert. #74); HMAC (Cert. #357); RNG (Cert. #392); RSA (Cert. #314); SHS (Cert. #706); Triple-DES (Cert. #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG SP 800-90 (non-compliant) Multi-chip standalone "The Route1 FIPS Cryptographic Module lies at the core of Route1®'s MobiNET™ a communications and service delivery platform focused on identity management and entitlement-based access to systems and resources. MobiNET™services are delivered on a number of digital form factors, such as mobile phones, handheld devices and Route1 MobiKEY™ an ultra-portable, smart-card enabled USB device. The Route1 FIPS Cryptographic Module's functionality includes a wide range of data encryption and asymmetric algorithms including AES, the RSA Public Key Cryptosystem, DSA, and the SHA family of message digests."
984	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 3500 (Hardware Version: P/N 101-500073-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #633); AES (Cert. #702); DSA (Cert. #267); RNG (Cert. #413); RSA (Cert. #328); SHS (Cert. #730); HMAC (Cert. #380) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
983	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E6500 (Hardware Version: P/N 101-500164-50, Rev. C; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #635); AES (Cert. #704); DSA (Cert. #269); RNG (Cert. #415); RSA (Cert. #330); SHS (Cert. #732); HMAC (Cert. #382) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
982	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	TZ 180, TZ 180W, TZ 190 and TZ 190W (Hardware Versions: P/N 101-500161-50, Rev. A (TZ 180); P/N 101-500160-50, Rev. A (TZ 180W); P/N 101-500080-52, Rev. A (TZ 190); P/N 101-500101-52, Rev. A (TZ 190W); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #632); AES (Cert. #701); DSA (Cert. #266); RNG (Cert. #412); RSA (Cert. #327); SHS (Cert. #729); HMAC (Cert. #379) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "SonicWALLÆs TZ Series is a high performance security platform that combines a deep packet inspection firewall, anti-virus, anti-spyware, intrusion prevention, content filtering, optional modular modem backup, and optional 802.11 b/g WLAN. These solutions allow small, remote, and branch offices to implement protection from the wide spectrum of emerging network threats."
981	FRAMA AG Unterdorf Lauperswil, CH-3438 Switzerland -Beat C. Waelti TEL: +41 34 496 98 98 FAX: +41 34 496 98 00 -Markus Arn TEL: +41 34 496 98 98 FAX: +41 34 496 98 00	FRAMA PSD-I (Hardware Version: 2.4; Firmware Version: 1.0.6) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #450); RSA (Cert. #157); SHS (Cert. #489); RNG (Cert. #215) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); CRC32 Multi-chip embedded "The cryptographic module (called Postal Security Device, PSD) supports booking processes within postal meters as well as value loading processes in order to increase the postage credits. The postage credits are kept as CSPs within the PSD. In detail the use of cryptographic services, like the production of cryptographic keys, the encoding, decoding or signature and signature verification is part of PSD internal purposes to the booking processes mentioned above. The PSD uses the following algorithms in the approved mode of operation: Triple-DES; RSA; SHA-1; RNG acc. to FIPS 186-2."
980	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Code Integrity (ci.dll) (Software Versions: 6.0.6001.18000, 6.0.6001.18023 and 6.0.6001.22120) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
979	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Winload OS Loader (winload.exe) (Software Versions: 6.0.6001.18000, 6.0.6001.18027 and 6.0.6001.22125) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #978 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
978	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Boot Manager (bootmgr) (Software Version: 6.0.6001.18000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and 760); HMAC (Cert.#415); RSA (Cert. #354); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
977	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 4000, nShield F2 2000, nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
976	Ingrian Networks, Inc. 350 Convention Way Redwood City, CA 94063 USA -Eric Murray TEL: 650-261-2400 FAX: 650-261-2401	DataSecure Appliance i430, i426, and i116 (Hardware Versions: P/N DS-0116-0100-00 (i116); P/Ns DS-0430-0100-00 and DS-0430-01NP-00 (i430); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306); Diffie-Hellman (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; SEED; MD5; RC4 Multi-chip standalone "The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
975	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3201 Wireless Mobile Interface Card with thermal plates (Hardware Version: 800-25522-02; Firmware Version: S3201W7K9-12308JK) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370 and #799); CCM (Cert. #11); SHS (Cert. #797); HMAC (Cert. #439); RNG (Cert. #459) -Other algorithms: HMAC MD5; MD5; RC4; RSA (non-compliant) Multi-chip embedded "The C3201WMIC-TPAK9 provides wireless connectivity for the Cisco 3200 Series Mobile Access Router. The module can be configured as 802.11g Wireless Access Point, 802.11g Wireless Root Bridge or 802.11g Wireless Work Group Bridge and supports the 802.11b/g wi-fi standards for communications, and 802.11i for security."
974	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert 3.2 (Hardware Versions: P5CC073, P5CD080 and P5CD144; Firmware Versions: CPDHxJC_RSEFI-025CC073V202, CPDIxJC_RSEFI-025CD080V402 and CPDYxJC_RSEFI-025CD144V503) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #744, #745 and #746); DSA (Cert. #276, #277 and 278); RSA (Certs. #349, #350 and #351); RNG (Certs. #432, #433 and #434); SHS (Certs. #759, #760 and #761); Triple-DES (Certs. #661, #662 and #663); Triple-DES MAC (Triple-DES Certs. #661, #662 and #663, vendor affirmed) -Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits); RSA (encrypt/decrypt) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 3.2 is a Java Card 2.2.1 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), SEED(128 bit), AES(up to 256 bits), DSA(up to 1024 bits), OAEP Padding and Triple-DES. The Sm@rtCafé Expert 3.2 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
973	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
972	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Firmware Version: 2.33.60-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
971	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4031Z-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendfor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
970	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
969	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Richard Rose TEL: 408-525-7822	Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches (Hardware Versions: 9216i: 1, 9506: 1, 9509: 2, 9513: 1; Supervisor: 13, Supervisor 1: 16, Supervisor 2: 4; Firmware Version: 3.2 (2c)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #662 and #663); DSA (Certs. #245 and #246); HMAC (Certs. #344 and #345); RNG (Certs. #382 and #383); RSA (Certs. #306 and #307); SHS (Certs. #695 and #696); Triple-DES (Certs. #609 and #610) -Other algorithms: DES; RC4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco MDS 9506, 9509, 9513, and 9216i deliver intelligent network services such as virtual storage-area networks (VSANs), comprehensive security, advanced traffic management, sophisticated diagnostics, and unified SAN management. In addition, these modules provide multiprotocol and multitransport integration and an open platform for embedding intelligent storage services such as network-based virtualization; as well as a multilayer approach to network and storage intelligence."
968	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500 and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
967	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.33.60) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #599); Triple-DES (Cert. #570); DSA (Cert. #233); SHS (Cert. #648); HMAC (Cert. #309); RNG (Cert. #340) -Other algorithms: N/A Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
966	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10, Build Standard N; Firmware Version: 2.33.60-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
965	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/24/2008	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500, and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
964	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Motorola Gold Elite Gateway Secure Card Crypto Engine (MGEG SCCE) (Hardware Version: R01.00.00; Firmware Versions: R01.07.05 and R01.07.06) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); DES; ADP; LFSR Multi-chip embedded "The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
963	Gemalto and ActivIdentity, Inc. Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Vincent Prothon TEL: 512-257-3810 -Stephane Ardiley TEL: 510-745-6288	SafesITe TOP FIPS DM GX4 with ActivIdentity Digital Identity Applet Suite v2 for PIV (Hardware Version: GCX4-M2569422; Firmware Versions: GCX4-FIPS EI07 and GCX4-FIPS EI08, Applet Versions: ACA v2.6.2.2, PKI/GC v2.6.2.3, ASC library package v2.6.2.2, PIV EP packages v2.6.2.6 and v2.6.2.7 (PIV Card Application: Cert. #10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2008; 07/09/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (ISO7816 & ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.2 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite provides services for authentication, access control, generic container and PKI. The module conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
962	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510- 574-0101	ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.A3, PKI/GC applet package v2.6.2.A1, ASC library package v2.6.2.A1, PIV End-Point package v2.6.2.A1 and v2.6.2.A2, SKI applet package v2.6.2.A2 (PIV Card Application: Cert. #7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/12/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model. The validated product is similar to Applet v2.6.2a (FIPS 140-2 Cert. #880), but added the One Time Password applet."
961	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 and FortiGate-5140 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008; 06/13/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
960	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X3 PSD Cryptographic Module (Hardware Version: 1R84000; Firmware Version: 01.04.07) (When configured with the listed FIPS-approved algorithms) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #342) -Other algorithms: N/A Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
959	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: 919-462-1933	SafeEnterpriseTM Encryptor, Model 650 (Hardware Versions: 904-200xx-00y, 904-210xx-00y; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#391, and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
958	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 3750G Integrated Wireless LAN Controller (Hardware Version: 02; Firmware Version: 4.1.171.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554 and #555); HMAC (Cert. #294); RNG (Cert. #322); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); AES (Cert. #555; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
957	Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: 6506, 6509, 6506-E, 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Version: 12.2(18)SXF7, Build adventerprisek9 (Supervisor); 4.1.171.0 (WiSM)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554 and #555); HMAC (Cert. #294); RNG (Cert. #322); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES (AES Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
956	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: 011-44-1442458600 FAX: 44-1442458601	AEP Advanced Configurable Cryptographic Environment (ACCE) (Hardware Version: 2730_G1; Firmware Version: 1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #599); AES (Cert. #648); DSA (Cert. #243); SHS (Cert. #681); RNG (Cert. #369); RSA (Cert. #297); Triple-DES MAC (Triple-DES Cert. #599, vendor affirmed). -Other algorithms: MD5; DES; Diffie-Hellman Multi-chip embedded "AEP Advanced Configurable Cryptographic Environment (ACCE) crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The ACCE crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
955	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402 and 4404, Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 4.1.171.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/05/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #554 and #555); HMAC (Cert. #294); RNG (Cert. #322); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620) -Other algorithms: AES (Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
954	Trapeze Networks 5753 W. Las Positas Blvd. Pleasanton, CA 94588 USA TEL: 925-474-2602 FAX: 925-251-0642	MX-200R/MX-216R Mobility Exchange WLAN Controllers (Hardware Versions: P/Ns MX-200R/MX-216R Rev. F; Firmware Version: MSS 6.1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #594); AES (Cert. #642); RNG (Cert. #365); RSA (Cert. #293); SHS (Cert. #677); HMAC (Cert. #331) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® WLAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software« and RingMaster® lifecycle WLAN management software."
953	Semtek Innovative Solutions Corporation 12777 High Bluff Drive San Diego, CA 92130 USA -Patrick Farrell TEL: 858-436-2270 FAX: 858-436-2280	Cipher Cryptographic Module (Hardware Version: P/N 7000-0008; Firmware Version: 1.00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008; 06/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #720); Triple-DES (Cert. #643) -Other algorithms: N/A Single-chip "The Cipher Cryptographic Module is a hardware module that provides physical protection for cryptographic keys and sensitive application code. The module can be used by point-of-sale manufacturers as a secure, drop-in solution to provide cardholder data encryption."
952	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	MCC7500 Secure Card Crypto Engine Cryptographic Module (Hardware Version: R01.00.00; Software Versions: R02.01.10 and R02.01.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/05/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; LFSR; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The MCC7500 Secure Card Crypto Engine is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
951	TANDBERG Telecom AS Philip Pedersens Vei 20 1366 Lysaker Oslo, Norway -Stig Ame Olsen TEL: +47 67838418 FAX: +47 67125234	TANDBERG MXP Codec (Firmware Version: F6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	05/22/2008	Overall Level: 1  -Tested: TANDBERG 6000 MXP server running Nucleus RTOS version 1.13.5 (PowerPC Freescale MPC8270), pSOS version 254 (video processor Phillips PNX1500) and DSP/BIOS version 5.20.05 (audio processor TI6713) -FIPS-approved algorithms: Triple-DES (Cert. #514); AES (Cert. #504); DSA (Cert. #208); SHS (Cert. #574); RNG (Cert. #282); RSA (Cert. #218); HMAC (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The TANDBERG MXP Codec is the firmware installed on nineteen various TANDBERG codec servers supporting a full line of videoconferencing systems designed for medium-to-large groups, as well as individual desktops. The firmware provides secure video conferencing through encryption and authentication for point-to-point calls and multipoint calls with the speed of up to 768 kbps."
950	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiClient Crypto Module (Software Version: 3.0.470) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/22/2008; 06/13/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional, SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317) -Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
949	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake TEL: 678-402-8021 FAX: 678-402-8021	FortiClient Crypto Module (Software Version: 3.0.470) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/22/2008; 06/13/2008	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX270 runnning Windows XP Professional; SP2 with security patches 907865, 27802, 928255, 885835, 888302, 885250, 873333, 890859, 896422, 899587, 899588, and 896423 -FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317) -Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
948	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure ACS FIPS Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server Service Pack 4; Windows 2003 Service Pack 1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #566); HMAC (Cert. #303); RNG (Cert. #331); RSA (Cert. #263); SHS (Cert. #632) -Other algorithms: AES (AES Cert. #566, vendor affirmed; key wrapping; key establishment methodology provides 128 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "Cisco Secure ACS FIPS Module is a software library that supports WPA2 security and is contained within a defined cryptographic boundary. It provides FIPS 140-2 validated support for EAP-TLS, EAP-FAST, PEAP and AES key wrap for 802.11i PMK transfer."
947	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tony Ureche TEL: 1-800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #891 and Cert. #892 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2008; 08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition (x86 Version) and Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert #715); HMAC (Cert #386); SHS (Cert #737) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
946	Authernative, Inc. 201 Redwood Shores Parkway Suite 275 Redwood City, CA 94065 USA -Len L. Mizrah TEL: 650-587-5263 FAX: 650-587-5259	Authernative® Cryptographic Module (Software Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/16/2008; 06/23/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 1.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #697); HMAC (Cert. #375); RNG (Cert. #408); SHS (Cert. #725); Triple-DES (Cert. #629) -Other algorithms: MD5 Multi-chip standalone "The Authernative Cryptographic Module is a software cryptographic module that is implemented as a software library. This software library provides cryptographic services for all Authernative products. The module provides FIPS-Approved cryptographic services for encryption, decryption, key generation, secure hashing, and random number generation."
945	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-50B (Hardware Version: FortiGate-50B (C5GB38); Firmware Version: FortiOS 3.00, build 8568,070918) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/16/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613 and #614); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
944	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 128 v5.5 D (Hardware Version: P/N B0; Firmware Version: F310-067733) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008; 05/20/2008; 06/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #657); Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); SHS (Cert. #688); RSA (Cert. #304); RNG (Cert. #377); ECDSA (Cert. #70) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); RSA (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); AES MAC (AES Cert. #657; non-compliant) Single-chip "This new generation Oberthur Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that includes NSA SUITE-B cryptography for Top Secret classified information (symmetric encryption, message digest, and digital signature). Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and offers a full 128KB of EEPROM for customer data and keys. It is available with two communication interfaces (ISO 7816 for contact and ISO 14443 for contactless)."
943	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	iKey 4000 USB Token (Hardware Version: 909-40002-000 and 909-40002-006; Firmware Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #455 and #755); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The iKey 4000 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 4000 offers wide range of authentication services together with the highest levels of security. It offers powerful implementations for public and secret key encryption supporting RSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
942	Guidance Software, Inc. 215 North Marengo Avenue Suite 250 Pasadena, CA 91101 USA -Ken Basore TEL: 626-229-9191 FAX: 626-229-9199	EnCase Enterprise Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/16/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP Professional SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #666); DSA (Cert. #248); SHS (Cert. #698); HMAC (Cert. #350); RNG (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "EnCase Enterprise has changed the landscape of enterprise and computer investigations by providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations anywhere on a network. EnCase« Enterprise is a scalable platform that integrates seamlessly with your existing systems to create an enterprise investigative infrastructure. This cutting-edge solution can be tailored to meet your unique needs, including the automation of time-consuming investigative processes, incident response and eDiscovery."
941	Ericsson, Inc. 6300 Legacy Drive Plano, TX 75024 USA -Robert Walls TEL: 972-583-3592 FAX: 972-583-1848	AUC-10 GARP Cryptographic Module (Hardware Version: P/N ROJ 208 16/3 R1A/1; Firmware Version: CXC 106 0272 R1C) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #678); RNG (Cert. #394) -Other algorithms: N/A Multi-chip embedded "The AUC-10 GARP Cryptographic Module (CM) is a multi-chip embedded module composed of the AGEN2R WCDMA Authentication Vectors Generation application executing on an Ericsson proprietary Generic Application Regional Processor (GARP) board. The 3rd Generation Partner Project (3GPP) organization defines standards followed by the telephony industry for 3G networks (GSM and WCDMA). The Authentication Center (AUC) is the specific entity that provides authentication and ciphering data to the WCDMA system."
940	IBM® Corporation 9032 S Rita Rd Tucson, AZ 85744 USA -James Karp -Paul Greco	IBM System Storage TS1120 Tape Drive - Machine Type 3592, Model E05 (Hardware Version: 23R6564 EC level H82149; Firmware Version: 95P5203 EC level H82669) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/16/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #631 and #632); RNG (Cert. #362); RSA (Cert. #291); SHS (Cert. #671) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG Multi-chip embedded "The TS1120 / 3592 E05 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256 bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
939	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.11b and 3.8.5.11c) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	04/23/2008	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8300 with BlackBerry OS Version 4.3 -FIPS-approved algorithms: Triple-DES (Certs. #653 and #654); AES (Certs. #734, #735, #736 and #737); SHS (Certs. #751 and #752); HMAC (Certs. #400 and #401); RSA (Certs. #344 and #345); RNG (Certs. #428 and #429); ECDSA (Certs. #78 and #79) -Other algorithms: EC Diffie-Hellman key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
938	IronKey, Inc. 5150 El Camino Real, Suite C31 Los Altos, CA 94022 USA -Gil Spencer TEL: 650-492-4055 x102 FAX: 650-967-4650	IronKey Secure Flash Drive Cryptographic Module (Hardware Versions: P/Ns 46.012.001.01 Version 1.0, 46.012.001.02 Version 1.0, 46.012.001.04 Version 1.0, and 46.012.001.08 Version 1.0; Firmware Version: 1.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #655); RNG (Cert. #380); RSA (Cert. #305); SHS (Certs. #689 and #691) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant) Multi-chip standalone "The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
937	Memory Experts International, Inc. 227 Rue Montcalm, Suite 202 Gatineau, Quebec J8Y 2B9 Canada -Scott Ashdown TEL: 613-851-2102	MXI Cryptographic NAND Controller (CNC) (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The MXI Cryptographic NAND Controller (CNC) provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The CNC employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
936	Verbatim Americas LLC 1200 West WT Harris Blvd. Charlotte, NC 28262 USA -Mark Rogers TEL: 704-547-6600 FAX: 704-547-6522	Store 'n' Go Corporate Secure FIPS (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/17/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The Store 'n' Go Corporate Secure FIPS provides FIPS 140-2 Approved security functionality to DiskOnKey flash drives. The Store 'n' Go Corporate Secure FIPS employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
935	Tait Electronics Ltd 175 Roydvale Avenue Christchurch, New Zealand -Werner Hoepf TEL: + 64 3 358 6613	TEL_crypto_module (Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Firmware	04/17/2008	Overall Level: 1  -Tested: Texas Instruments TMS320C5509 and TNS320C5510 Digital Signal Processors -FIPS-approved algorithms: AES (Cert. #537); TDES (Cert. #539); SHS (Cert. #672); HMAC (Cert. #327); RNG (Cert. #343) -Other algorithms: N/A Single-chip "Firmware implementation of the Tait FIPS 140-2 Crypto module used in the Tait Electronics Ltd digital product range."
934	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Patrick Blanluet TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10	PSD Model 105, 106, 115, 116, 126, 127, 101, 102, 111, 112, 121, 122 (Hardware Version: P/Ns 4129955L and 4129955LD; Firmware Version: P/N 4139419UA Version 21.2) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/17/2008; 09/12/2008	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: Triple-DES (Cert. #558); Triple-DES MAC (Triple-DES Cert. #558, vendor affirmed); AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
933	Trapeze Networks 5753 W. Las Positas Blvd. Pleasanton, CA 94588 USA -Ted Fornoles TEL: 925-474-2602 FAX: 925-251-0642	MP-422F Mobility Point (Hardware Version: P/N MP-422F Rev. A; Firmware Version: MSS 6.1.0.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/08/2008	Overall Level: 2  -FIPS-approved algorithms: AES CCM (Cert. #641); HMAC (Cert. #330); SHS (Cert. #676) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RNG (non-compliant) Multi-chip standalone "Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® LAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software® and RingMaster® lifecycle WLAN management software."
932	SanDisk Corporation 601 McCarthy Boulevard Milpitas, CA 95035-0459 USA -Daniel Shefer TEL: 408-801-1563 FAX: 408-801-8508	S2 FIPS DiskOnKey Controller (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Version: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/08/2008; 05/08/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The SanDisk S2 FIPS DiskOnKey Controller provides FIPS 140-2 Approved security functionality to SanDisk DiskOnKey USB flash drives. The S2 FIPS DiskOnKey Controller employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
931	Secure Computing Corporation 2340 Energy Park Drive St. Paul, MN 55108 USA -Chuck Monroe TEL: 651-628-2799 FAX: 651-628-2701	Cryptographic Module for SecureOS® v9.7.1 (Software Version: 9.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/31/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SecureOS® v6.1 and v7.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #548); AES (Cert. #552); DSA (Cert. #225); SHS (Cert. #617); HMAC (Cert. #293); RSA (Cert. #248); RNG (Cert. #320) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder® and Sidewinder G2® Security Appliance™. Sidewinder is a line of comprehensive network gateway security appliances consolidating a variety of Internet security functions including TrustedSource™, IPS, firewall, VPN, anti-virus, anti-spam, SSL decryption, and more. Sidewinder G2® is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
930	Hewlett-Packard Company, Atalla Security Products 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Ted Hadley TEL: 408-447-3397 FAX: 408-447-5525	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 543856-001; Firmware Versions: Loader Version 1.0, PSMCU Version 7.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2008	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #148); SHS (Cert. #473) -Other algorithms: N/A Multi-chip embedded "The ACS is a multi-chip embedded cryptographic module. It consists of a secure hardware platform (a full length PCI Card) and a secure firmware loader. The purpose of the module is to load application programs, called "personalities," in a secure manner."
929	Kingston Technology Company 17600 Newhope Street Fountain Valley, CA 92708 USA -Mark Akoubian TEL: 714-438-2719 FAX: 714-427-3598	Kingston S2 CM (Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2008; 04/04/2008; 06/23/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The Kingston S2 CM is the core component of this performance secure USB Flash Drive. All data stored in the userÆs private partition is encrypted in hardware without reducing performance. The Kingston S2 CM provides encryption, user authentication and access control independent of the host software and hardware."
928	Comtech Mobile Datacom Corporation 20430 Century Blvd. Gaithersburg, MD 20874 USA -John Fossaceca TEL: 240-686-2146 FAX: 240-686-3301 -Bill Vaughan TEL: 240-686-3300 FAX: 240-686-3301	MTM-203 Satellite Mobile Transceiver (Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: Commercial Firmware: C.3.7.Y and Boot Code: 2.3.E) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/18/2008; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #626); HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502) -Other algorithms: AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; RNG (non-compliant); Triple-DES (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
927	Mocana Corporation 350 Sansome Street Suite 210 San Francisco, CA 94104 USA -Lee Cheng TEL: 415-617-0055 FAX: 415-617-0056	Mocana Cryptographic Module (Software Versions: 3.06.1 and 3.06.1a) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/14/2008; 05/08/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2; Linux Kernel 2.6; uCLinux Kernel 2.4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #665); Triple-DES (Cert. #611); SHS (Cert. #697); HMAC (Cert. #349); RSA (Cert. #308); DSA (Cert. #247); RNG (Cert. #384) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Mocana Cryptographic Module is used in conjunction with Mocana's scalable, high performance embedded security solutions. These include: Mocana EAP supplicant/authenticator, Mocana SSL/TLS Client & Server, Mocana SSH Client & Server and Mocana IPsec/IKE."
926		Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/11/2008	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
925	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect (Hardware Version: P/N AT90SC25672RCT Revision D; Firmware Version: 0106.6340.0101) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #560); Triple-DES MAC (Triple-DES Cert. #560, vendor affirmed); AES (Cert. #577); SHS (Cert. #633); RNG (Cert. #332); RSA (Cert. #264) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Athena Smartcard Solutions is a global smart card company offering a wide range of smart card products and solutions for Government, Enterprise and Financial institutions. Athena's products include advanced smart card operating systems, cross-platform cryptographic middleware and innovative biometric and card management solutions as well as advanced smart card readers. Athena offers FIPS and VISA certified Java Card solutions for ID and Finance on various smart card silicon and in a variety of form-factors."
924	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	03/14/2008	Overall Level: 1  -Tested: ARM 920T processor, running Hand Held Products BASE firmware 31205423-052; Hand Held Products Scanner firmware 31205480-025 -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
923	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 x117 FAX: 813-288-7389	AirFortress® Wireless Security Gateways (Hardware Versions: AF2100 and AF7500; Firmware Version: 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #550); HMAC (Cert. #291); RNG (Cert. #318); SHS (Cert. #615); Triple-DES (Cert. #546) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5 Multi-chip standalone "The AirFortress® Wireless Security Gateways are electronic encryption modules that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress« Wireless Security Gateways provide encryption, data integrity checking, authentication, access control, and data compression."
922	Software House 70 Westview St Lexington, MA 02421 USA -Rick Focke TEL: 781-768-0266 FAX: 781-466-9550	iSTAR eX Controller (Hardware Version: STAREX004W-64; Firmware Version: 4.1.1.12045) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/29/2008; 03/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #433); RNG (Cert. #283); SHS (Cert. #575); RSA (Cert. #219) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The iSTAR eX controller is a security door controller which is connected to at least one card reader and a door. The iSTAR eX controller works from a database stored internally in memory for determining access privilege of an individual. When a card is swiped by a reader the data goes to the iSTAR eX controller. The controller then sends a notify message to the access database to determine if access is allowed. If access is granted then the iSTAR eX controller sends an open command back to the door and access is granted. If access is not granted the door remains closed and locked."
921	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Shryl Tidmore TEL: 469-524-2681 FAX: 972-953-2690 -Terrence Shaw TEL: 469-524-2413 FAX: 972-953-2816	Sterling Crypto-C (Software Version: 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/29/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Sun Solaris 10; IBM AIX 5L(TM) 5.3; and HP-UX 11i v2 (single-user mode) -FIPS-approved algorithms: SHS (Cert. #655); HMAC (Cert. #312); RSA (Cert. #280); DSA (Cert. #235); RNG (Cert. #403); Triple-DES (Cert. #578); AES (Cert. #605) -Other algorithms: DES; RC2; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Sterling Crypto-C is a software module implemented as two dynamic libraries. Sterling Crypto-C provides security capabilities, such as encryption, authentication, and signature generation and verification for Sterling Commerce's managed file transfer solutions."
920	Security First Corp. 22362 Gilberto Suite 130 Rancho Santa Margarita, CA 92688 USA -Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092	SecureParser (Software Versions: 4.5.0 and 4.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/29/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP, Window Server 2003, Red Hat Linux Enterprise v4, SUSE Linux Enterprise v10 (single user mode) -FIPS-approved algorithms: AES (Certs. #594 and #687); RNG (Certs. #330 and #401); RSA (Certs. #262 and #321); DSA (Certs. #229 and #260); SHS (Certs. #631and #716); HMAC (Certs. #302 and #366); ECDSA (Certs. #63 and #77) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The SecureParser is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
919	Hughes Network Systems 11717 Exploration Lane Germantown, MD 20876 USA -Vivek Gupta TEL: 301-548-1292 FAX: 301-428-1868	Hughes Crypto Kernel (Firmware Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	02/29/2008	Overall Level: 1  -Tested: Hughes 7700S Satellite Router running VxWorks 5.4 -FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
918	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: 1.1.2; Resultant Compiled Software Version: 1.1.2) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/29/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 10.2 (gcc Compiler Version 4.1.2) -FIPS-approved algorithms: Triple-DES (Cert. #613); AES (Cert. #668); SHS (Cert. #701); HMAC (Cert. #352); RSA (Cert. #310); RNG (Cert. #387) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DSA (Cert. #250; non-compliant) Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
917	CardLogix Corporation 16 Hughes, Suite 100 Irvine, CA 92618 USA -Ken Indorf TEL: 949-380-1312 FAX: 949-380-1428	CardLogix Credentsys-J (Hardware Version: P/N AT90SC12872RCFT Rev. J; Firmware Version: Credentsys-J PIV applet Version 2.3.0.8, OS755 Version 07.0107.04 (PIV Card Application: Cert. #9) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/13/2008; 04/29/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #566); Triple-DES MAC (Triple-DES Cert. #566, vendor affirmed); AES (Cert. #595); RNG (Cert. #339); RSA (Cert. #272); SHS (Cert. #644) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "CREDENTSYS-J is a secure smart card that is designed for National ID systems and multi-use enterprise security environments. The CREDENTSYS-J card is based on Java Card TM 2.2.1 and Global Platform 2.1.1 architectures and is readily deployable into existing or new PKI environments. CREDENTSYS-J cards offer a combination of high performance and cost-effectiveness by running on advanced 32-bit RISC processor cores with TDES and PKI cryptographic accelerations."
916	Ingrian Networks, Inc. 350 Convention Way Redwood City, CA 94063 USA -Eric Murray TEL: 650-261-2400 FAX: 650-261-2401	DataSecure Appliance i416, i426 and i116 (Hardware Versions: P/N DS-0116-0100-00 (i116); P/N DS-0416-0100-00 (i416); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.2p01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; SEED; MD5; RC4 Multi-chip standalone "The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
915	Hughes Network Systems 11717 Exploration Lane Germantown, MD 20876 USA -Vivek Gupta TEL: 301-548-1292 FAX: 301-428-1868	Hughes Crypto Kernel (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/13/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode) -FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
914	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku,, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS Lite and CSL software cryptographic modules (Software Versions: 2.1.0 (C4CS Lite) and 2.1.0 (CSL)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 08/29/2008	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 with SP3 and Q326886 Hotfix running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS Multi-chip standalone "C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
913	Cisco Systems Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points (Hardware Versions: 1131 Revision C0, 1242 Revision A0; Firmware Version: 4.1.171.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2008; 03/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370, #591 and #592); HMAC (Cert. #308); RNG (Cert. #337); RSA (Cert. #270); SHS (Cert. #642) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco LWAPP Aironet 1131 & 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
912	Sterling Commerce, Inc. 4600 Lakehurst Court PO Box 8000 Dublin, OH 43016-2000 USA -Shryl Tidmore TEL: 469-524-2681 -Adrian Glanvill TEL: 614-793-3757	Sterling FIPS Crypto-J Module (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/12/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit; Solaris 9 32-bit; Solaris 9 64-bit; Solaris 10 32 bit SPARC (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41); RSA (Cert. #191) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Sterling FIPS Crypto-J Module is a cryptographic toolkit for Java language users, providing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography."
911	Tyco Electronics, M/A-COM, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Dennis Maddox TEL: 434-455-9591 FAX: 434-455-6851	M/A-COM Wireless Systems Cryptographic Library (SECLIB) (Software Version: R1A) (While operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Windows Server 2003 SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #637); Triple-DES (Cert. #591); SHS (Cert. #673); HMAC (Cert. #328); RNG (Cert. #363) -Other algorithms: AES MAC (AES Cert. #637; non-compliant); DES; DES MAC Multi-chip standalone "The M/A-COM Wireless Systems Cryptographic Library is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements."
910	IBM® Corporation Nymollevej 91 Lyngby, DK-2800 Denmark -Crypto Competence Center Copenhagen TEL: +45 4523 4441 FAX: +45 4523 6802	IBM CryptoLite for Java (Software Version: 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 03/07/2008; 06/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with Sun Java JRE 1.6.0 (single user mode) -FIPS-approved algorithms: AES (Cert. #659); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECDSA (Cert. #71); HMAC (Cert. #341); RNG (Cert. #379); SHS (Cert. #692) -Other algorithms: N/A Multi-chip standalone "The IBM CryptoLite for Java (CLiJ) v4 is a Java Cryptographic Extension (JCE) compliant cross-platform software library which provides APIs for the cryptographic functions specified in NSA Suite B. CLiJ includes specific high performance implementations of a number of cryptographic algorithms and services. CliJ has highly optimized elliptic curve operations and very efficient implementation of finite field arithmetic.CLiJ can be used on any JVM running Java version 1.5 or higher. CLiJ is compliant with ANSI X9.62, ANSI X9.63 and IEEE 1363."
909	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Kostas Vassilakis TEL: 203-924-3610 FAX: 203-924-3409	Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) (Hardware Versions: P/Ns 41U0438 and 12R8561, Model 4764-001; Firmware Version: Miniboot FW v1.25, Segment 2 FW v1.3, CCV Application FW v3.02.05) (When operated with module IBM eServer Cryptographic Coprocessor Security Module validated to FIPS 140-2 under Cert. #661 and operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #215); Triple-DES MAC (Triple-DES Cert. #215, vendor affirmed); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132) -Other algorithms: DES MAC Multi-chip embedded "The Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
908	GlobalSCAPE, Inc. 6000 Northwest Parkway Suite 100 San Antonio, TX 78249 USA -Mike Hambidge TEL: 210-293-7921 FAX: 210-690-8824	GlobalSCAPE® Cryptographic Module (Software Version: 1.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode) -FIPS-approved algorithms: AES (Cert. #618); Triple-DES (Cert. #586); DSA (Cert. #240); SHS (Cert. #666); RSA (Cert. #287); HMAC (Cert. #320); RNG (Cert. #388) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD2; MD4; MD5; MDC2; RIPEMD160; Blowfish; CAST5; RC2; RC4; RC5; IDEA Multi-chip standalone "The GlobalSCAPE® Cryptographic Module (GSCM) provides cryptographic services for the GlobalSCAPE family of software products such as Secure FTP Server and EFT Server. The services include symmetric/asymmetric encryption/decryption, digital signatures, message digest, message authentication, random number generation, and SSL/TLS support. The GSCM is intended for use by applications through the moduleÆs Application Programming Interface (API), which is based on the OpenSSL API defined by the OpenSSL Project."
907	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku,, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS Lite and CSL software cryptographic modules (Software Versions: 1.1.0 (C4CS Lite) and 1.1.0 (CSL)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/07/2008; 08/29/2008	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS Multi-chip standalone "C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
906	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5505 and ASA 5550 (Hardware Versions: 5505 and 5550; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/25/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #536 and #564); HMAC (Certs. #125, #283 and #301); RNG (Certs. #144, #309 and #329); RSA (Certs. #106, #242 and #261); SHS (Certs. #196, #606 and #630); Triple-DES (Certs. #217, #538 and #559) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
905	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD, FortiGate-300A/300A-HD, FortiGate-500A/500A-HD and FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89); FortiGate-300/300A-HD (build C4FK88); FortiGate-500/500A-HD (build C4BE21); FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/25/2008; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
904	Foundry Networks 4980 Great America Pkwy Santa Clara, CA 95054 USA -Michael Hong TEL: 408-207-1700	Foundry Networks FIPS 140-2 Cryptographic Module (Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Foundry Networks FIPS 140-2 Cryptographic Modules resides on PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
903	Foundry Networks 4980 Great America Pkwy Santa Clara, CA 95054 USA -Michael Hong TEL: 408-207-1700	Foundry Networks FIPS 140-2 Cryptographic Module (Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-Des Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Foundry Networks FIPS 140-2 Cryptographic Module resides on a PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
902	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-5GT (Hardware Version: NS-5GT; Firmware Versions: 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/23/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #532); AES (Cert. #525); DSA (Cert. #216); SHS (Cert. #598); RNG (Cert. #301); RSA (Cert. #235); HMAC (Cert. #276) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates a complete set of best-in-class UTM security features including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering which allow the NetScreen-5GT to defend the network against worms, Spyware, Trojans, malware and other emerging attacks. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security."
901	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: NS-500; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -FIPS-approved algorithms: DSA (Cert. #214); SHS (Cert. #590); Triple-DES (Cert. #527); AES (Cert. #517); HMAC (Cert. #268); RSA (Cert. #231); RNG (Cert. #293) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The NetScreen-500 is a purpose-built, security system designed to provide a flexible, high performance solution for medium and large enterprise central sites and service providers. The NetScreen-500 security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile, modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones."
900	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks SSG 5 and SSG 20 (Hardware Versions: P/N SSG-5 and SSG-20; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #533); AES (Cert. #526); DSA (Cert. #217); SHS (Cert. #599); RNG (Cert. #302); RSA (Cert. #236); HMAC (Cert. #277) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks Secure Services Gateway 5 (SSG 5) and Secure Services Gateway 20 (SSG 20) are purpose-built security appliances that deliver a perfect blend of performance, security and LAN\WAN connectivity for small branch office and small business deployments. Traffic flowing in and out of the branch office can be protected from worms, Spyware, Trojans, and malware by a complete set of Universal Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
899	IBM® Corporation Nymøllevej 91 Lyngby, DK-2800 Denmark -Crypto Competence Center Copenhagen TEL: +45-4523-4441 FAX: +45-4523-6802	IBM CryptoLite for C (Software Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/16/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate; Red Hat Enterprise Linux v4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #615); Triple-DES (Cert. #585); SHS (Cert. #663); DSA (Cert. #238); RSA (Cert. #286); RNG (Cert. #350); HMAC (Cert. #318); ECDSA (Cert. #66) -Other algorithms: DES; CAST-5; CAST-6; RC2; ArcFour; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 to 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD2; MD5; Whirlpool; HMAC MD5 Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
898	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-204 and NetScreen-208 (Hardware Versions: NS-204 and NS-208; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #215); SHS (Cert. #591); Triple-DES (Cert. #528); AES (Cert. #518); HMAC (Cert. #269); RSA (Cert. #232); RNG (Cert. #294) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances available today. They easily integrate and secure many different network environments, including medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure. Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-208)."
897	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks NetScreen-5200 and NetScreen-5400 (Hardware Versions: NS-5200 and NS-5400; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #212); SHS (Cert. #587); Triple-DES (Cert. #524); AES (Cert. #514); HMAC (Cert. #265); RSA (Cert. #228); RNG (Cert. #290) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-5000 series is a line of purpose-built, high-performance firewall/VPN security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 series consists of two products: the 2-slot NetScreen-5200 system and the 4-slot NetScreen-5400 system. NetScreen-5000 security systems integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality, in a low-profile modular chassis."
896	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks ISG 1000 and ISG 2000 (Hardware Versions: P/N NS-ISG-1000 and NS-ISG-2000; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/16/2008; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #213); SHS (Cert. #588); Triple-DES (Cert. #525); AES (Cert. #515); HMAC (Cert. #266); RSA (Cert. #229); RNG (Cert. #219) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen ISG 1000 and ISG 2000 are Internet security devices that integrate firewall, virtual private networking (VPN), and traffic shaping functions. Through the VPN, the NetScreen ISG devices provide the following: IPSec standard security, Triple-DES, and Advanced Encryption Standard (AES) encryption, Manual and automated IKE (ISAKMP), and Use of RSA and DSA certificates."
895	Xirrus, Inc. 370 N. Westlake Blvd. Suite 200 Westlake Village, CA 91362 USA -Patrick Parker TEL: 805-497-0955 FAX: 866-462-3980	Xirrus Wireless LAN Array (Hardware Versions: Models: XS-3900 P/Ns 190-0001-001, 190-0001-002, 190-0001-003, 190-0001-004 Version B1; XS-3700 P/Ns 190-0005-001, 190-0005-002, 190-0005-003, 190-0005-004 Version B1; XS-3500 P/Ns 190-0004-001, 190-0004-003 Version A1; WFX-3900 P/N 190-0016-001 Version A1; WFX-3700 P/N 190-0017-001 Version A1; WFX 3500 P/N 190-0018-001 Version A; XS4 P/N 190-0092-001 Version A; XS8 P/N 190-0091-001 Version A; XS16 P/N 190-0090-001 Version A; Firmware Version: 3.2-0477) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/10/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #470); RNG (Cert. #255); HMAC (Cert. #304); SHS (Cert. #638); RSA (Cert. #290) -Other algorithms: RC4; MD5 Multi-chip standalone "The Xirrus Wireless LAN Array represents the next generation in enterprise wireless LAN architecture - combining the functionality of a WLAN switch and Integrated Access Points (IAPs) in a single device. The WLAN Array delivers Gigabit-class Wi-Fi bandwidth to an extended coverage area simplifying the wireless LAN setup."
894	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
893	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
892	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Cryptographic Primitives Library (bcrypt.dll) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); DSA (Cert. #227); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4 Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
891	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 50 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5 Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
890	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Code Integrity (ci.dll) (Software Version: 6.0.6000.16386) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #889 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
889	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Winload OS Loader (winload.exe) (Software Versions: 6.0.6000.16386, 6.0.6000.16476 and 6.0.6000.20586) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #888 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #424); RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
888	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Boot Manager (bootmgr) (Software Version: 6.0.6000.16386) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/10/2008	Overall Level: 1  -Operational Environment: tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #424); HMAC (Cert.#298); RSA (Cert. #255); SHS (Cert. #618) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
887	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	CoSign (Hardware Version: 4.0; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/07/2008; 03/07/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organizationÆs end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
886	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client Bridge (Hardware Version: 1.0; Firmware Version: 2.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/07/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #545); Triple-DES (Cert. #541); SHS (Cert. #609); RNG (Cert. #312); HMAC (Cert. #286) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant); RSA (non-compliant); MD2; MD5; Blowfish; CAST; IDEA; RC2; RC4; RC5 Multi-chip standalone "The Fortress Secure Client Bridge is a hardware module designed to deliver security on wireless and wired devices that cannot run the Fortress Secure Client software. A plug-and-play solution, the Secure Client Bridge encrypts and decrypts communication across the WLAN and LAN and protects the device against attacks without user intervention."
885	L-3 Communications Linkabit 3033 Science Park Road San Diego, CA 92121 USA -Rick Roane TEL: 858-597-9097 FAX: 858-552-9660	MPM-1000, 70 MHz Layout 1; MPM-1000, 70 MHz Layout 2; and MPM-1000, L-Band (Hardware Versions: P/N 119811-1, 119903-30 and 119903-33; Firmware Version: 121423-00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/07/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
884	Juniper Networks, Inc. 1194 N. Mathilda Avenue Building 3 Sunnyvale, CA 94089 USA -Su-Chen Lin (Sue) TEL: 408-936-8447 FAX: 408-936-3032 -Tim Stahlke TEL: 408-936-7261 FAX: 408-936-3032	Juniper Networks SSG 520M and SSG 550M (Hardware Versions: P/N SSG 520M and SSG 550M; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9 and 5.4.0r10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/14/2007; 07/10/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #218); SHS (Cert. #601); Triple-DES (Cert. #535); AES (Cert. #529); HMAC (Cert. #278); RSA (Cert. #239); RNG (Cert. #304) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks Secure Services Gateway 500 Series (SSG) represents a new class of purpose-built security appliance that delivers a perfect mix of performance, security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
883	TriCipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	TriCipher Common Core Cryptographic Module (Software Version: 3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun JDS Linux 2.4.19 and Microsoft Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #571); RSA (Cert. #273); HMAC (Cert. #310); SHS (Cert. #649); RNG (Cert. #341) -Other algorithms: DES; MD5; RSA (PKCS #5); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The CCCM provides all cryptographic functionality used by TriCipher's ID Tool, APIs and other client-side products."
882	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Yellow Dog Linux 2.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #545); AES (Cert. #549); SHS (Cert.#614); HMAC (Cert. #290); RNG (Cert. #317); DSA (Cert. #223); ECDSA (Cert. #57); RSA (Cert. #246) -Other algorithms: DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; ECNR; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); ECIES Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
881	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment provides 56 bits of encryption strength); DES; MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
880	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite V2 for PIV (Hardware Version: HW P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.2 and 2.6.2.A3; PKI/GC applet package v2.6.2.3 and 2.6.2.A1; ASC library package v2.6.2.2 and 2.6.2.A1; PIV End-Point packages v2.6.2.6, v2.6.2.A1 and v2.6.2.A2) (PIV Card Application: Cert. #7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007; 01/25/2008; 04/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES; DES MAC Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
879	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 515 and PIX 515E (Hardware Versions: 515 and 515E; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
878	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -William McIntosh TEL: 813-288-7388 x117	Fortress Secure Client (Software Versions: 3.1 and 3.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 04/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2; Windows 2000 Professional with SP4; Windows 2003 Server with SP2; Windows CE 3.0; Windows CE 4.0; Windows CE 5.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #607); HMAC (Cert. #313); RNG (Cert. #346); SHS (Cert. #656); Triple-DES (Cert. #579) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
877	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA (Hardware Versions: 7206VXR Version: 2.9, NPE-G1 Version: 2.1, NPE-G2 Version: 1.0, VAM2+ Version: 1.0, VSA Version: 1.0, C7200-JC-PA Version: 1.0, 7301 Version: 2.0; Firmware Version: 12.4(11)T1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007; 12/18/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #91 and #173); HMAC (Certs. #39 and #203); RNG (Certs. #83, #266 and #267); SHS (Certs. #258, #500, #556 and #557); Triple-DES (Certs. #204 and #275) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
876	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version: P/N CLN7493D Version 8; Firmware Version: R3.52.42) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
875	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543) -Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RC2; RC4 Multi-chip standalone "The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, DSA and Diffie-Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
874	3e Technologies International, Inc. 9715 Key West Avenue 5th Floor Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989 -Chris Guo TEL: 301-944-1294 FAX: 301-670-6989	3e Cryptographic Kernel Library (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593) -Other algorithms: Multi-chip standalone "The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873	Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA -Jack Edington TEL: 319-295-5997 -Robert Shreve TEL: 319-295-2611	Common Crypto Circuit Card Assembly (Hardware Version: 944-2541-004; Software Version: 091-3186-006) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2007	Overall Level: 1  -Physical Security: Level 2 -EMI/EMC: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #169) -Other algorithms: Serpent; Twofish; Triple-DES (non-compliant) Multi-chip embedded "The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
872	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 525 and PIX 535 (Hardware Versions: 525 and 535; Firmware Version: 7.2.2.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
871	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200 and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Nitrox XL NFB FIPS Cryptographic Module is a cryptographic module integrated into a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
870	Cavium Networks 805 East Middlefield Road Mountain View, CA 94043 USA -Mike Scruggs TEL: 650-623-7000	Nitrox XL NFB FIPS Cryptographic Modules (Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200, and CN1005-VBD-03-0200; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed) -Other algorithms: AES-MAC (Certs. #551 and #189, non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Cavium Nitrox NFB Cryptographic Modules are a cryptographic component of the Nitrox PCI acceleration board that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
869	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/27/2007; 12/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64, and IA64) (single user mode) -FIPS-approved algorithms: HMAC (Cert. #287); RNG(Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542) -Other algorithms: DES; HMAC-MD5 Multi-chip standalone "Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
868	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.3959) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
867	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HICOS PKI Smart Card Chip (Hardware Version: HD65257C1; Software Versions: GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2, and GSM Applet 1.0; Firmware Versions: HardMask: 2.0 and SoftMask: 3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/19/2007	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #234); Triple-DES (Cert. #530); SHS (Cert. #594); RNG (Cert. #298); AES (Cert. #522); HMAC (Cert. #272); Triple-DES MAC (Triple-DES Cert. #530, vendor affirmed) -Other algorithms: COMP-128; AES-MAC (AES Cert. #522; non-compliant) Single-chip "The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
866	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-527A3 AirGuard™ Wireless Access Point, 3e-527A3 AirGuard™ Wireless Access Point with Outdoor Option and 3e-527A3MP AirGuard™ Wireless Access Point with Mobile Power (Hardware Versions: 1.1, 1.1 and 1.1; Firmware Version: 4.0.10.23) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/27/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #627); HMAC (Cert. #325); RNG (Cert. #359); SHS (Cert. #669); Triple-DES (Cert. #589) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-527A3 is a device that consists of electronic hardware, firmware, and a strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-527A3 operates as either a gateway connecting a local area network to wide area network (WAN) or as an access point within a local area network."
865	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Versions: 2.1.0.2 [1] and 2.1.0.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/19/2007; 12/20/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with [1]: AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2). Tested as meeting Level 1 with [1] and [2]: Windows 2003 SP1 (32-bit x86 - VS6.0 build) (in single-user mode) -FIPS-approved algorithms: AES (Certs. #644 and #673); DSA (Certs. #242 and #254); ECDSA (Certs. #68 and #74); HMAC (Certs. #333 and #357); RNG (Certs. #367, #392 and vendor affirmed: SP 800-90); RSA (Certs. #295 and 314); SHS (Certs. #679 and #706); Triple-DES (Certs. #596 and #618) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
864	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Key Management Facility Crypto Card (KMF CC) (Hardware Version: P/N T6722A Version CLN7612B; Firmware Version: R01.09) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/13/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DES MAC; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); HCA; LFSR; NDRNG Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
863		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/16/2007; 12/07/2007; 03/07/2008	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
862		Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/07/2007	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
861	Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA -Shaun Lee TEL: +44 1189 243860	Oracle Cryptographic Libraries for SSL (Software Version: 10g (10.1.0.5)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/18/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server -FIPS-approved algorithms: Triple-DES (Cert. #573); AES (Cert. #608); SHS (Cert. #657); HMAC (Cert. #314); RSA (Cert. #281); RNG (Cert. #347) -Other algorithms: RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
860	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Digital Interface Unit Crypto Module (DIU CM) (Hardware Version: T6721A, Version CLN7611C; Firmware Versions: R82.01.02, R82.01.03 and R82.01.05) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82; vendor affirmed); AES (Cert. #2); RNG (Cert. #121); SHS (Cert. #335) -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; HCA; ADP; LFSR; NDRNG; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola's Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola's APCO-25 compliant family of console and base station radio infrastructure equipment."
859	VMware, Inc. 3145 Porter Drive Palo Alto, CA 94304 USA -Eric Masyk TEL: 650-798-5820 FAX: 650-475-5001	ACE Encryption Engine (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/06/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP2; Microsoft Windows Vista Ultimate (single-user mode) -FIPS-approved algorithms: AES (Certs. #533 and #534); DSA (Cert. #220); HMAC (Certs. #280 and #281); RNG (Certs. #306 and #307); RSA (Cert. #241); SHS (Certs. #603 and #604); Triple-DES (Cert. #536) -Other algorithms: Diffie-Hellman (key agreement; not allowed in FIPS mode); DSA signature generation (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (sign/verify 512 bits; non-compliant) Multi-chip standalone "The ACE Encryption Engine allows virtual machines to be encapsulated into files which can be saved, copied, and provisioned. VMware Software Cryptographic Implementation is the kernel implementation that enables the VMware ACE application to perform its cryptographic functions such as hashing, encryption, digital signing, etc."
858	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Radio Network Controller Encryption Module Controller (RNC EMC) (Hardware Version: T7289A; Firmware Version: R03.04.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #530) -Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR Multi-chip standalone "The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
857	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Stefan Kotes TEL: 650-216-2082 FAX: 650-216-2565	Tumbleweed Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server SP2; SuSE Linux 9 Enterprise Server SP3; Windows XP SP2; SunOS 5.10; IBM AIX 5.2.0.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #524 and #543); Triple-DES (Certs. #531 and #540); RSA (Certs. #237 and #244); ECDSA (Certs. #54 and #56); SHS (Certs. #597 and #608); RNG (Certs. #300 and #311); HMAC (Certs. #275 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Tumbleweed Security Kernel is a software module implemented as two dynamic libraries that provide all security functionalities for several products of Tumbleweed Communications Corp., including Validation Authority, SecureTransport, and MailGate."
856	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD2; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
855	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Version: 5.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #511); Triple-DES (Certs. #520 and #521); DSA (Cert. #211); RSA (Cert. #224); ECDSA (Cert. #52); SHS (Cert. #581); HMAC (Cert. #263); Triple-DES MAC (Triple-DES Certs. #520 and #521, vendor affirmed); RNG (Cert. 288) -Other algorithms: AES MAC (AES Certs. #510 and #511; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna ® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
854	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2.2 (Hardware Version: VBD-03-0100; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/26/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; MD2-MAC; MD5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
853	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972.(0)3.978.1342 FAX: +972.(0)3.978.1010	eToken PRO HD (Hardware Version: (32K and 64K) 4.28; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
852	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arye, Petach Tikva 49511 Israel -Yaniv Shor TEL: +972-(0)3-978-1342 FAX: +972-(0)3-978-1010	eToken PRO, eToken NG-OTP and eToken NG-FLASH (128 MB, 512 MB and 1 GB) (Hardware Versions: PRO (32K and 64K) 4.28, NG-OTP (32K and 64K) 2.25, NG-FLASH (32K) 4.27; Firmware Version: 2.7 on CardOS 4.2B) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/24/2007	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
851	QUALCOMM Inc. 5775 Morehouse Drive San Diego, CA 92121 USA -QGOV Sales & Marketing TEL: 877-461-4411	Cryptographic Extension for BREW® Cryptographic Engine (Software Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/24/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with LG Firmware OS T98VZV05 with BREW 3.1 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #488); AES (Cert. #473); SHS (Cert.#541); HMAC (Cert. #230); RNG (Cert. #256); DSA (Cert. #194); ECDSA (Cert. #42); RSA (Cert. #194) -Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "QUALCOMMs Binary Runtime Environment for Wireless (BREW®) provides an integrated platform for developing, selling, and distributing wireless applications. The Cryptographic Extension for BREW® is a general-purpose, software-based cryptographic module packaged as a BREW® extension that can be invoked by BREW® applications to permit FIPS 140-2 Level 1 validated general-purpose cryptography."
850	Doremi Cinema LLC 1020 Chestnut Street Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109	Dolphin Board (Hardware Version: P/N Version DOLPHIN-DCI-F; Firmware Versions: 22.00-0 and 22.00-1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #521 and #532); HMAC (Cert. #271); SHS (Cert. #593); RNG (Certs. #297 and #326) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of strength) Multi-chip standalone "The Dolphin Board is a PCI-card that provides a standard definition/high definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin Board utilizes a dual-link encrypted serial digital interface for output of DCI-compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e., trailers, advertisements, etc.)."
849	Comtech Mobile Datacom Corporation 20430 Century Blvd. Gaithersburg, MD 20874 USA -John Fossaceca TEL: 240-686-2146 FAX: 240-686-3301 -Bill Vaughan TEL: 240-686-3300 FAX: 240-686-3301	MTM-203 Satellite Mobile Transceiver (Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: C.3.6.T) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502) -Other algorithms: DES Multi-chip standalone "CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
848	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SCSI SEP v1.0 (Hardware Version: P/N 60-000343/A; Software Version: 27.8; Firmware Version: dccp_2_2_8_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
847	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort LKM SEP v1.0 (Hardware Version: P/N 60-000388/A; Software Versions: 40.3 and 40.4; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 12/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #523); ECDSA (Cert. #53); HMAC (Certs. #273, #274 and #212); RNG (Cert. #299); SHS (Certs. #595, #596 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
846	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort NAS SEP v1.0 (Hardware Version: P/N 60-000340/A; Software Version: 26.10; Firmware Version: dccn_1_7_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
845	Utimaco® Safeware AG Hohemarkstrasse 22 Oberursel, Hessen D-61440 Germany -US Corporate Headquarters TEL: 508-543-1008 FAX: 508-543-1009 -Dr. Christian Tobias TEL: +49-6171-88-1711 FAX: +49-6171-88-1933	SafeGuard Cryptographic Engine (Software Version: 5.00) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/18/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows Server 2003 SP1; Free-BSD Version 5.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #512 and #513); Triple-DES (Cert. #522); HMAC (Cert. #264); SHS (Certs. #582, #583 and #584); RNG (Cert. #289) -Other algorithms: N/A Multi-chip standalone "SafeGuard Cryptographic Engine (SGCE) is a high-performance cryptographic library. It provides cryptographic services to the following products from the SafeGuard solutions: SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto."
844	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 571-236-6942	Sm@rtCafé Expert Embedded Security (Hardware Version: HD65246C1A05BQBC; Firmware Versions: CH463JC_ITIGERRSA_V101 and CH463JC_ITIGERRSA_V102) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Certs. #216 and #536); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed); RNG (Cert. #253) -Other algorithms: DES; DES MAC Single-chip "Sm@rtCafé Expert Embedded Security was developed by G&D and constitutes a complete operating system for smart cards. Providing a complete set of International Organization for Standardization (ISO), Europay, MasterCard and Visa (EMV) and proprietary enhanced commands, the Sm@rtCafé Expert Embedded Security incorporates standards-based functionality along with its own optimized command set."
843	iDirect Technologies, Inc. 13865 Sunrise Valley Drive Herndon, VA 20171 USA -Michael Cohen TEL: 703-463-2262 FAX: 703-648-8015	7350 iNFINITI Satellite Router [1], iConnex-700 [2], iConnex-100 [3], M1D1-T Universal Line Card [4] and 8350 iNFINITI Satellite Router [5] (Hardware Versions: 9130-0062-0002 [1], 9101-2040-0201 [2], 9101-2040-0202 [3], 9101-0040-0008 [4] and 9000-0040-0013 [5]; Software Versions: iDS version 7.1.2 [1, 2, 3 and 4] and iDS version 7.1.3 [5]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/18/2007; 02/06/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #527 and #528); Triple-DES (Cert. # 534); SHS (Cert. #600); RNG (Cert. # 303); RSA (Cert. #238) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "An iDirect Time Division Multiple Access (TDMA) network is composed of a single outroute Single Channel Per Carrier (SCPC) and multiple inroute TDMA carriers. The iDirect TDMA network is optimized for satellite transmissions, squeezing the maximum performance out of the bandwidth provided by satellite links. The system is fully integrated with iDirectÆs Network Management System that provides configuration and monitoring functions. The iDirect network components consist of the Protocol Processor, Hub Line Card (also known as Universal Line Card), and the Ethernet switch with remote modem."
842	Dolby Laboratories, Inc. 100 Potrero Ave. San Francisco, CA 94103 USA -Matthew Robinson TEL: 415-558-0200 FAX: 415-645-4000	CAT904 Dolby® JPEG2000/MPEG2 Processor (Hardware Version: P/N CAT904Z Versions FIPS_1.0, FIPS_1.0.1 and FIPS_1.1; Firmware Version: 3.1.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2007; 03/19/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #519 and #520); SHS (Cert. #592); RNG (Cert. #296); HMAC (Cert. #270); RSA (Cert. #233) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT904 Dolby® JPEG2000/MPEG2 processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
841	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
840	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Mr. Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 version: J2R15E05; DSP version: F7R06F03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 04/29/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #155 and #623) -Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR) Multi-chip standalone "P7130IP Select, P7150IP Scan Portable and M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130IP, P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
839	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB6 - 6.00.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2007; 10/29/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
838	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6717 FAX: +81-467-41-6975 -Daizoh Funamoto TEL: +81-467-41-6116 FAX: +81-467-41-6951	Command Encryption Module (Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	09/11/2007	Overall Level: 2  -EMI/EMC: Level 3 -Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1 -FIPS-approved algorithms: Triple-DES (Cert. #504) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
837	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-4000T and LX-8000S Series Console Servers (Hardware Versions: 600-R3248 RevB, 600-R3249 RevB, 600-R3250 RevB, 600-R3251 RevB, 600-R3252 RevC, 600-R3253 RevC, 600-R3254 RevB, 600-R3255 RevB, 600-R3256 RevB, 600-R3257 RevB, 600-R3258 RevC, 600-R3259 RevC, and 600-R3265 RevA through 600-R3288 RevA (inclusive); Firmware Version: linuxito Version: 4.1.4 and ppciboot Version: 4.1.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/11/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #226); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 178 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 112 bits of encryption strength) Multi-chip standalone "The LX-4000T and LX-8000S Series Console Servers are a key component of MRV¦s Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization¦s networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV¦s Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
836	Thales e-Security Meadow View House Crendon Industrial Estate Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.4 (Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/11/2007; 09/25/2007	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: N/A Multi-chip standalone "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
835	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCM (Hardware Versions: LTK-02-0301 and LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert #579); DSA (Cert #210); RSA (Cert #223); ECDSA (Cert #51); HMAC (Cert #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
834	Nokia Enterprise Mobility Systems Nokia Enterprise Mobility Systems 313 Fairchild Drive Mt View, CA 94043 USA -Jeff Ward TEL: 339-927-6383	Nokia VPN Appliance (Hardware Versions: IP260, IP265, IP1220, and IP1260; Firmware Versions: IPSO v3.9 and Check Point VPN-1 NGX (R60) [HFA-03] and IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007; 09/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #442, #226 and #91); Triple-DES (Certs. #465, #466, #317 and #204); HMAC (Certs. #207, #208, #19 and #203); SHS (Certs. #508, #509, #291 and #500); DSA (Certs. #181 and #204); RSA (Certs. #166, #167 and #215); RNG (Certs. #229 and #201) -Other algorithms: Cast; DES (Certs. #314 and #297); Triple-DES (K3 mode, non-compliant); MD5HMAC; MD5; Arcfour; Blowfish; Twofish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
833	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SAN SEP v2.0 (Hardware Versions: P/Ns 60-000191/A, 60-000337/A; Software Version: 27.8; Firmware Version: dcch2_4_2_10_secure) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511) -Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2 Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
832	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert. #579); DSA (Cert. #210); RSA (Cert. #223); ECDSA (Cert. #51); HMAC (Cert. #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert. #287) -Other algorithms: DES; AES MAC (AES Cert. #508, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
831	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, Microsoft Windows 2000 (single user mode) -FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498, #505 and #573); RNG (Certs. #221 and #227); HMAC (Certs. #201, #205 and #256) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. A plug-and-play solution, the Client encrypts and decrypts communication across the network and protects the device against attacks without user intervention."
830	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2000 FAX: 571-434-2001	CA100 (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/05/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #340); SHS (Cert. #334); HMAC (Cert. #69); RNG (Cert. #92) -Other algorithms: DES; DES MAC; MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CA100 is a centrally managed software IPSec client with VPN and firewall functionality. Unlike traditional IPSec software clients that have both the software client and associated policy locally stored on the client's system, the Cryptek CA100 user policies are stored and dynamically downloaded from our manager, the Cryptek CC200."
829	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Module for Palm OS 5 (Software Version: 2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	09/05/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm OS 5 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #509); AES (Cert. #496); SHS (Cert. #566); HMAC (Cert. #250); RNG (Cert. #276); DSA (Cert. #203); RSA (Cert. #212) -Other algorithms: DES; DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ARC4; MD5; HMAC-MD5 Multi-chip standalone "The Security Builder+ FIPS Module is a standards-based cryptographic toolkit that provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
828	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 SE; Windows Mobile 5.0 PocketPC; Windows Mobile 5.0 PocketPC Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 SP1 (32-bit x86 - VS6.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2) (in single-user mode) -FIPS-approved algorithms: AES (Cert. #490); DSA (Cert. #199); ECDSA (Cert. #47); HMAC (Cert. #244); RNG (Cert. #270); RSA (Cert. #203); SHS (Cert. #560); Triple-DES (Cert. #501) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
827	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.4.34 and 3.8.4.47) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	08/27/2007	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8700c with BlackBerry OS Version 4.2 -FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
826	Giritech Herstedøstervej 27-29 C2 2620 Albertslund, Denmark -Lars S. Christensen TEL: +45 30 763 652 FAX: +45 43 47 54 87	Cryptographic Support Library CryptFacility (Software Version: 1.0.485) (When operated in FIPS mode. This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #562 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional (in single-user mode) -FIPS-approved algorithms: AES (Cert. #216); Triple-DES (Cert. #309); Skipjack (Cert. #14); ECDSA (Cert. #5); DSA (Cert. #79); SHS (Cert. #134); HMAC (Cert. #26); RNG (Cert. #61) -Other algorithms: N/A Multi-chip standalone "The Girtech Cryptographic Support Library CryptFacility is a library implemented in the Giritech G/ON product line that performs all of its cryptographic functionality using a FIPS 140-2 validated library called Crypto++ (Cert #562)."
825	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Klorida Miraj TEL: 425-421-5229 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Version: 6.00.1937) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/27/2007; 11/26/2007; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows CE 6.0 and Microsoft Windows CE 6.0 R2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #516); HMAC (Cert. #267); RNG (Cert. #292); RSA (Cert. #230); SHS (Cert. #589); Triple-DES (Cert. #526) -Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography."
824	Hummingbird Connectivity, a Division of Open Text Corporation 38 Leek Crescent Richmond Hill, Ontario L4B 4N8 Canada -Xavier Chaillot TEL: 514-281-5551 x261 FAX: 514-281-9958	Hummingbird Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/27/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro with SP2 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #206); DSA (Cert. #201); Triple-DES (Cert. #505); AES (Cert. #492); HMAC (Cert. #247); SHS (Cert. #563); RNG (Cert. #273) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD Multi-chip standalone "The Hummingbird Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Hummingbird Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol. The Hummingbird Cryptographic Module is available from Hummingbird Connectivity, a division of Open Text Corporation."
823	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-223-3139 -Wayne Whitlock TEL: 443-327-1489	Model 400 Smart Card (Hardware Version: P5CT072EV7/TOPBC150 Version 1.0; Firmware Version: 3.0, EXFs: PIV application executable Version 19) (PIV Card Application: Cert. #6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	8/22/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #455); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant) Single-chip "SCCOS is a state-of-the-art operating system that offers wide range of authentication services together with the highest levels of security. It offers powerful implementaions for public and secret key encryption supporting RSA, DSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
822	VIACK Corporation 16701 NE 80th St. Suite 100 Redmond, WA 98052 USA -Peter Eng TEL: 425-605-7400 FAX: 425-605-7405	VIA3 VkCrypt Cryptographic Module (Software Versions: 4.2 and 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/17/2007; 03/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #478); RNG (Cert. #258); RSA (Cert. #195); SHS (Cert. #546); HMAC (Cert. #235) -Other algorithms: RC2; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing. VIA3 is a secure online collaboration solution integrating real-time audio and video, instant messaging, application sharing, and access to workspaces."
821	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5510, ASA 5520 and ASA 5540 (Hardware Versions: 5510, 5520, and 5540; Firmware Versions: 7.2.2.18 and 7.2.2.27) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/17/2007; 06/23/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #536 and #789); HMAC (Certs. #125, #283 and 432; RNG (Certs. #144, #309 and #454); RSA (Certs. #106, #242, and #376); SHS (Certs. #196, #606 and #790); Triple-DES (Certs. #217, #538 and #682) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80-bits or 112-bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
820	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 3.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/13/2007; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #489); DSA (Cert. #198); HMAC (Cert. #243); RNG (Cert. #269); RSA (Cert. #202); SHS (Cert. #559); Triple-DES (Cert. #500) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
819	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677 -Donna Shaw TEL: 978-720-2351	Crypto++™ Library (Software Version: 5.3.0 [32-bit and 64-bit]) Validated to FIPS 140-2 Security Policy Certificate	Software	08/13/2007; 08/17/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #17 ); Triple-DES (Cert. #512 ); AES (Cert. #499 ); SHS (Cert. #569 ); DSA (Cert. #206 ); RSA (Cert. #216 ); ECDSA (Cert. #49 ); HMAC (Cert. #253 ); RNG (Cert. #279 ); Triple-DES MAC (Cert #512 vendor afffirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. Both 32-bit and 64-bit variants of the dynamic link library (DLL) are FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
818	Arcot Systems, Inc. 455 West Maude Ave., Suite 210 Sunnyvale, CA 94085-3517 USA -Rob Jerdonek TEL: 408-969-6100 FAX: 408-969-6290	Arcot Core Security Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/10/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2; Microsoft Windows Server 2003 Service Pack 1 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #499); SHS (Cert. #558); HMAC (Cert. #242); RSA (Cert. #201); RNG (Cert. #268) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD2; MD4; MD5; RIPEMD-160 Multi-chip standalone "The Arcot Core Security Module provides FIPS-certified cryptographic functionality to Arcot's authentication, encryption/decryption and digital signing products -- ArcotID "software smart card", Arcot WebFort Authentication Server, Arcot SignFort, and Arcot TransFort for 3-D Secure compliance."
817	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	DPHx Radio with LZA0577 or LZA0577/LZA0578 Cryptographic Module (Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606, 030206, 010507, 020707, 072007, 080407, 091207 and 110507; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05058-0001, 722-05059-0001, 722-05059-0002, 722-05059-0003, 722-05060-0000 and 722-05061-0000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/08/2007; 10/15/2007; 12/18/2007; 04/29/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #436); RSA (Cert. #31); SHS (Cert. #504) -Other algorithms: DES Multi-chip standalone "The DPHx Radio with OTAR is a multi-chip standalone cryptographic module encased in an opaque commercial grade enclosure. As a secure radio, the primary purpose for this device is to provide encrypted digital communication."
816	Neopost Industrie 113, Rue Jean-Marin Naudin Bagneux, 92220 France -Jean-Frantois Le Pottier TEL: +00 33 1 36 45 30 37 FAX: +00 33 1 36 45 3010	N95i/255 Secure Metering Module (SMM) (Hardware Version: 4127410K Version B; Firmware Versions: 4130379C Version E41 (SH1) and 4126898B Version A (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/08/2007; 08/29/2007	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (Cert. #12) -Other algorithms: N/A Multi-chip embedded "The IJ40/50/60 are Neopost mid range of Franking products that incorporate the N95i secure metering module for producing highly secure franking impressions to meet USPS postal requirements. These products are connected to Neopost online services server for greater customer options including E-confirmation for mail tracking."
815	Red Hat, Inc. and Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Glen Beasley TEL: 800-555-9SUN -Robert Relyea TEL: 650-254-4236	Network Security Services (NSS) Cryptographic Module (Software Version: 3.11.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/08/2007; 12/07/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 4 x86; Microsoft Windows XP SP 2; 64-bit Solaris 10; HP-UX B.11.11 with HP-UX Strong Random Number Generator (KRNG11i) bundle; Mac OS X 10.4 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #410 and #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. #172); ECDSA (Certs. #30 and #37); RNG (Cert. #208) -Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
814	Red Hat, Inc. and Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Glen Beasley TEL: 1-800-555-9SUN -Wan-Teh Chang TEL: 650-567-9039 FAX: 650-567-9041	Network Security Services (NSS) Cryptographic Module (Software Version: 3.11.4) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/27/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU; Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU -FIPS-approved algorithms: Triple-DES (Cert. #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. 172); ECDSA (Cert. #30); RNG (Cert. #208) -Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
813	Xceedium, Inc. 30 Montgomery St., Suite 1020 Jersey City, NJ 07302 USA -Marjo F. Mercado TEL: 201-536-1000 x121 FAX: 201-536-1200	GateKeeper (Hardware Version: 4a; Firmware Version: 4.0.0f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/07/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #480); Triple-DES (Cert. #493); SHS (Cert. #549); HMAC (Cert. #236); RSA (Cert. #197); RNG (Cert. #260) -Other algorithms: Diffie-Hellman (key agreement; key establishment method provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant) Multi-chip standalone "Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
812	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J Software Module (Software Version: 3.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/07/2007; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #487); DSA (Cert. #197); HMAC (Cert. #240); RNG (Cert. #264); RSA (Cert. #199); SHS (Cert. #553); Triple-DES (Cert. #497) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
811	Utimaco® Safeware AG Germanusstrasse 4 Aachen, D-52080 Germany -Rainer Herbertz TEL: +49-241-1696-240 FAX: +49-241-1696-199	CryptoServer CS (Hardware Version: P/N CryptoServer CS, Version 2.0.2.0; Firmware Version: 2.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/31/2007	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #492); Triple-DES MAC (Cert. #492, vendor affirmed); AES (Cert. #479); SHS (Cert. #547); RSA (Certs. #196 and #204); RNG (Cert. #259); ECDSA (Cert. #44) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); IDEA; Safer; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC (Cert. #479; non-compliant); DES Multi-chip embedded "The CryptoServer CS is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functionality."
810	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-1000A and FortiGate-3600 (Hardware Versions: FortiGate-1000A (build C4WA49); FortiGate-3600 (build C4KW75); Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
809	AirMagnet, Inc. 1325 Chesapeake Terrace Sunnyvale, CA 94089 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor AM-5010-11-AG, AM-5012-11AG, A5020 and A5023 (Hardware Versions: AM-5010-11-AG, AM-5012-11AG, A5020 and A5023; Firmware Version: 7.5.0-6285) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135) -Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-approved mode; non-compliant); AES (non-approved mode; non-compliant); IDEA; Blowfish; Twofish Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
808	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip embedded "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
807	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD, 300A/300A-HD and 500A/500A-HD (Hardware Versions: FortiGate-200A/200A-HD, FortiGate 300A/300A-HD, and FortiGate 500A/500A-HD; Firmware Version: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/31/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
806	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	ASTRO Subscriber Universal Crypto Module (UCM) (Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A; Firmware Versions: R05.05.02 and R05.05.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/31/2007; 04/04/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
805	NetWeave Integrated Solutions, Inc. 490 Rt 33 W Millstone Twp, NJ 08535 USA -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124 -Ron Byer TEL: 732-786-8830 x120 FAX: 732-786-8832	NetWeave Distributed Services NSK/D30 (Software Version: 2.2v1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Guardian D39 (single-user mode) -FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; IDEA; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "NetWeave Distributed Services (NWDS) is a heterogeneous middleware product that provides a broad base of cross-platform computing services built on a secure high-performance messaging core. While NWDS runs on a variety of platforms, HP systems, particularly the HP NonStopTM Kernel can be found at the core of many NWDS implementations. Specifically, the NWDS NSK/D30 implementation supports HP NSK D39 environments. In all environments, NWDS was standardized on the XYGATE® Encryption Software Development Kit by XYPRO® for its cryptographic services, performance, flexibility and platform coverage."
804	XYPRO® Technology Corporation 3325 Cochran Street, Suite 200 Simi Valley, CA 93063 USA -Sheila Johnson TEL: 805-583-2874 FAX: 805-583-0124 -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124	XYGATE® /ESDK (Software Version: 2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/26/2007: 08/17/2007; 11/26/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with SP 2; HP-UX 11.11; Solaris 10; HP Nonstop Server G06; HP Nonstop Server H06 (in single user mode) -FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515) -Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant) Multi-chip standalone "The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS; and e-mail protocols such as PGP and S/MIME."
803	KoolSpan, Inc. 4962 Fairmont Ave. 2nd Floor Bethesda, MD 20814 USA -Tony Fascenda TEL: 240-880-4400	SecurEdge Lock (Hardware Version: LRF05123; Firmware Version: 3.1.1) (This module contains the embedded module Axalto Cryptoflex e-Gate 32 smart card validated to FIPS 140-2 under Cert. #242 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/26/2007; 08/29/2007	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #388); SHS (Cert. #464); Triple-DES (Cert. #97; key wrapping; key establishment methodology provides 80-bits of encryption strength); RNG (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The KoolSpan Lock is a VHS-Cassette sized device that authenticates users and bridges their Ethernet traffic onto the network. It contains an embedded Smart Card and cryptographic processor. The case is tamper-resistant. Each Lock can support up to 512 simultaneous users each with 256-bit AES encryption. The Lock supports a "Keyless Exchange" and provides both Wi-Fi security and Remote Access (VPN) connections."
802	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Mike McLaughlin, Corporate Triage/CRM Manager TEL: 613-270-3788 -Entrust Sales TEL: 888-690-2424	Entrust Authority™ Security Toolkit 7.2 for the Java® Platform (Software Version: 7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/26/2007; 08/07/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1 running Sun JRE 5.0 and Solaris 10 running Sun JRE 5.0 (Single-user mode) -FIPS-approved algorithms: AES (Cert. #443); Triple-DES (Cert. #467); Triple-DES MAC (Cert. #467, vendor affirmed); DSA (Cert. #187); ECDSA, (Cert. #34); SHS (Cert. #510); HMAC (Cert. #209); RNG (Cert. #231); RSA (Cert. #168) -Other algorithms: CAST128; CAST3; DES; IDEA; RC2; RC4; Rijndael; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); SPEKE; ElGamal; MD2; MD5; DES MAC; IDEA MAC; CAST128 MAC; HMAC-MD2; HMAC-MD5 Multi-chip standalone "Entrust Authority™ Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms."
801	Secured User Inc. 11490 Commerce Park Drive Suite 240 Reston, Va 20191 USA -Ken Hetzer TEL: 703-964-3164 FAX: 703-783-0446 -Bruce Mitchell TEL: 703-964-3167 TEL: 647-477-7892 FAX: 647-477-5052	SUSK Security Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	07/23/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single user mode) -FIPS-approved algorithms: AES (Cert. #474); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SUSK Security Module is a software-based cryptographic module. Secured User's product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
800	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BAC/BAE/BAF (Canada) and 1MES BAC/BAE/BAF (Canada Specimen)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
799	Polycom, Inc. 4750 Willow Road Pleasanton, CA 94588-2708 USA -Robert V. Seiler TEL: 978-292-5452 FAX: 928-292-5943	VSX 7000e and VSX 8000 (Firmware Version: 8.5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
798	Polycom, Inc. 4750 Willow Road Pleasanton, CA 94588-2708 USA -Robert V. Seiler TEL: 978-292-5452 FAX: 928-292-5943	VSX 3000, VSX 5000, and VSX 7000s (Firmware Version: 8.5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/23/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
797	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Security Kernel (Software Version: 7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/03/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #495); AES (Cert. #484); DSA (Cert. #196); SHS (Cert. #551); RNG (Cert. #261); RSA (Cert. #198); HMAC (Cert. #238); ECDSA (Cert. #45) -Other algorithms: DES; DES MAC; CAST; CAST3; CAST5; RC2; RC4; IDEA; MD2; MD5; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); PAKE; AES MAC (non-compliant); NIST 800-90 DRBG RNG (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens."
796	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Security Controller (FC-X) (Hardware Version: FC-X; Firmware Versions: 4.1.1, 4.1.3, 4.1.4 and 4.1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/02/2007; 11/26/2007; 04/04/2008; 05/09/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465 and #538); RNG (Certs. #189 and #190); HMAC (Cert. #174) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA) Multi-chip standalone "The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
795	ViaSat, Inc. 6155 El Camino Real Carlsbad, CA 92009 USA -Ed Smith TEL: 760-476-4995 FAX: 760-476-4703	Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module (Hardware Versions: P/N 1010162, Version 1 and P/N 1010163, Version 1; Firmware Version: 01.03.05) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2007; 08/31/2007; 07/09/2008	Overall Level: 2  - Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #448, #449, #619 and #620); SHS (Cert. #800); HMAC (Cert. #441); ECDSA (Cert. #90); RNG (Cert. #461); KAS (SP 800-56A, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
794	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF2100; Firmware Version: 2.5.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/02/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
793	Sagem Orga Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany -Swantje Missfeldt TEL: +49 52 51 88 90	J-IDMark 64 Open (Hardware Version: HW P/N 01016221; FW Versions: FFFFFFFF, 01016221, 02016247, 03016251) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2007; 04/29/2008	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244) -Other algorithms: N/A Single-chip "The J-IDMark 64 Open is a single chip cryptographic module, which combines an implementation of the latest Sun Java Card TM (Rev 2.2.1) [JCS] / Global Platform (Rev 2.1.1)[GP] specifications with a dual interface chip (with both ISO 7816 contact and ISO 14443 contactless protocols). The module meets the requirements to the FIPS 140-2, Level 4 for physical security, and to the Level 3 for other areas. The module loads and runs applets written in Java programming language. Additional features include biometric & PKI APIs in order to run "Match On Card" and cryptographic services properly."
792	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Java Module (Software Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	06/26/2007; 07/20/2007; 10/12/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit ; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit ; Solaris 9 32-bit ; Solaris 9 64-bit; and Solaris 10 32-bit with 32 bit SPARC processor (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); RSA (Cert. #191); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder® FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder® PKI and Security Builder® SSL."
791	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.4.27 and 3.8.4.28) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/21/2007; 06/21/2007	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 8700c with BlackBerry OS Version 4.2 -FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38) -Other algorithms: EC Diffie-Hellman; ECMQV Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry® ."
790	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 64 v5.4 D (Hardware Version: P/N 77; Firmware Versions: E910-066491, E910-065972, E910-066421) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #425); Triple-DES (Certs. #454 and #455); Triple-DES MAC (Certs. #454 and #455, vendor affirmed); SHS (Cert. #496); RSA (Cert. #160); RNG (Cert. #219) -Other algorithms: AES MAC (Cert. #425; non-compliant); ECDSA (Cert. #32; non-compliant) Single-chip "This single chip module offers a highly secure architecture with state of the art on board cryptographic services such as Triple DES (128 and 192), AES (up to 256 bits), RSA (up to 2048) with ANSI X9.31 on board key generation, SHA1 & SHA 256, ISO 9796, ISO 9797, PKCS#1.5, OAEP, OSS, etc. Additional features include fingerprint Match on Card (ISO 19794-2), Logical Channels and Delegated Management. The module supports Java Card 2.2.1 and Global Platform 2.1.1.A. It is available with up to three communication interfaces (ISO 7816, ISO 14443 & USB)."
789	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Versions: FortiOS 3.00, build 8317, 061121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2007; 02/21/2008	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
788	Neopost Industrie 113, rue Jean-Marin Naudin Bagneaux, 92220 France -Jerome Modolo TEL: +33 1 45 36 34 02 FAX: +33 1 45 36 30 10	IJ25 Secure Metering Module (SMM) (Hardware Version: 4127925W A; Firmware Version: 4130171L K01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: DSA (Cert. #149); ECDSA (Cert. #17); RNG (Cert. #142); SHS (Cert. #392); HMAC (Cert. #123) -Other algorithms: N/A Multi-chip embedded "The module provides services to a small office postal meter. The system's features include hand postage printing using ink jet technology, weighing scale interface, internal modem for remote recrediting, memory card for slogan and rate loading."
787	Attachmate Corporation 1500 Dexter Avenue North Seattle, WA 98109 USA -Steve Poole TEL: 206-217-7500 FAX: 206-217-7515	Attachmate Security Component for Java (Software Version: 1.32) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/21/2007; 04/29/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Linux 4 x 64 and Sun Java Runtime 1.5.0; Mac OS X 10.4.3 and Apple Java Runtime 1.5.0; Windows XP and Sun Java Runtime 1.5.0 (single user) -FIPS-approved algorithms: Triple-DES (Cert. #449); AES (Cert. #419); DSA (Cert. #174); RNG (Cert. #213); RSA (Cert. #156); SHS (Cert. #488); HMAC (Cert. #193) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Attachmate Security Component for Java provides SSL/TLS and cryptographic services for the Attachmate Reflection for the Web product. Reflection for the Web provides centrally managed terminal emulation within a web browser. This cross-platform, server-based solution connects users to applications on IBM, HP, Unix, and OpenVMS hosts, meeting host access needs while minimizing management costs, maximizing IT flexibility, and ensuring high-level security for administrative, terminal emulation, printer emulation, and file transfer operations."
786	L-3 Communications Linkabit 3033 Science Park Road San Diego, CA 92121 USA -Rick Roane TEL: 858-597-9097 FAX: 858-552-9660	MPM-1000 (Hardware Version: 119811-1; Firmware Version: 120435-03/119881-05) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
785	UGS Corporation 5800 Granite Parkway Suite 600 Plano, TX 75024 USA -Doug de la Torre TEL: 425-468-5300	Teamcenter Cryptographic Module (Software Version: 1.1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	06/14/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (x86) and Solaris 8 (64-bit SPARC) (single-user mode) -FIPS-approved algorithms: AES (Cert. #410); DSA (Cert. #170); HMAC (Cert. #183); RNG (Cert. #204); RSA (Cert. #150); SHS (Cert. #477); Triple-DES (Cert. #443) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
784	Check Point Software Technologies Ltd 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	Reflex Magnetics Cryptographic Library (Software Version: 1.0.0.61103) Validated to FIPS 140-2 Security Policy Certificate	Software	06/14/2007; 05/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #466); SHS (Cert. #534); RNG (Cert. #250); RSA (Cert. #188); HMAC (Cert. #225) -Other algorithms: N/A Multi-chip standalone "The Reflex Magnetics Cryptographic Library v1.0 provides cryptographic support for the Check Point Software Technologies Ltd software products. The module is used to perform various cryptographic services including pseudo random number generation, and encryption/decryption using symmetric and asymmetric algorithms."
783	Global Relief Technologies, LLC. 40 Congress Street, Suite 300 Portsmouth, NH 03801 USA -Chip Peter TEL: 603-422-7333 FAX: 603-422-7331	Rapid Data Management Software (RDMS) (Software Version: 2.3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	06/14/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows© Mobile 5.0 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #444); SHS (Cert. #478); HMAC (Cert. #184); RNG (Cert. #205) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Rapid Data Management Software (RDMS) is a software application developed by Global Relief Technologies (GRT) designed for installation on a Personal Digital Assistant (PDA) and cellular communications devices. The device is used during humanitarian and relief efforts in order to gather data and information quickly about the surrounding area to better decide where to allocate resources and what resources are needed."
782	Schweitzer Engineering Laboratories, Inc. 2545 NE Hopkins Court Pullman, WA 99163-5603 USA -Joe Casebolt TEL: 509-336-2408 FAX: 509-336-2406	SEL-3021 Serial Encrypting Transceiver (Hardware Version: P/N SEL-3021 Versions 00016A10 and 00006A10; Firmware Versions: SEL-3021-1-R101-V0-Z001001-D20070521 and SEL-3021-1-R102-V0-Z001001-D20080505) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/14/2007; 06/20/2007; 05/20/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #447); DSA (Cert. #182); SHS (Cert. #512); HMAC (Cert. #213); RNG (Cert. #234) -Other algorithms: N/A Multi-chip standalone "The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device providing strong cryptographic security to new serial communications links and an easy and effective security solution for existing serial communications networks. It is for use on both point-to-point byte oriented communications links and multi-drop networks. The SEL-3021 has preset configuration settings for popular SCADA or PCS protocols like DNP and MODBUS common to PLCs and RTUs. The SEL-3021 also has support for standard MODEM communications."
781	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	PrivateServer (Hardware Version: 4.0; Firmware Version: 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/14/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #349); Triple-DES (Cert. #409); RSA (Cert. #118); SHS (Cert. #424); Triple-DES MAC (Cert. #409, vendor affirmed); RNG (Cert. #185) -Other algorithms: DES; DES MAC; DES Stream; MD5; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. The PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include DES, Triple-DES, AES, DES-MAC, Triple-DES-MAC, RSA, SHA-1, SHA-256, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
780	Gemalto 101 Park Drive Montgomeryville, PA 18936-9618 USA -Nick Hislop TEL: 215-390-2805 FAX: 215-390-2915 -David Teo TEL: 512-257-3895 FAX: 512-257-3881	SafesITe Large Memory Dual Interface Open Platform card (Hardware Version: A1002878; Firmware Version: HM 4v1, SM 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/31/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #463); Triple-DES (Cert. #479); SHS (Cert. #531); RSA (Cert. #183); Triple-DES MAC (Cert. #479, vendor affirmed); RNG (Cert. #248) -Other algorithms: DES Multi-chip embedded "The SafesITe Large Memory Dual Interface Open Platform card provides powerful features that drive PKI applications, digital signature and access control. With a large data storage capacity and two communication interfaces (contact and contactless), the SafesITe smartcard serves as a highly portable credential for securing personal identity, fraud prevention and supporting issuers' e-services strategies"
779	Stonewood Electronics Ltd. Sandford Lane Wareham, Dorset BH20 4DY England -Tim D. Stone TEL: 01929 55 44 00 FAX: 01929 55 25 25 -Peter F. Western TEL: 01929 55 44 00 FAX: 01929 55 25 25	FlagStone Core (Hardware Versions: 1.0.1.1a, 1.0.1.2a, 1.0.1.3, 1.0.2.1a, 1.0.2.2a and 1.0.2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/18/2007; 09/12/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #403 and #630); RNG (Certs. #198 and #361) -Other algorithms: Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the FlagStone Corporate and the FlagStone Freedom Drives. The FlagStone Core and subsequently the FlagStone Drives utilising the FlagStone Core provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
778	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 -Gary Morton TEL: 303-272-4738	Sun Cryptographic Accelerator 6000 (Hardware Version: 375-3424, Revisions -02 and -03; Firmware Version: 1.0.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/18/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #435); AES (Cert. #397); DSA (Cert. #92); SHS (Certs. #171 and #469); HMAC (Certs. #88 and #176); RSA (Cert. #142); RNG (Cert. #108) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
777	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP Passport (Hardware Versions: 4.1 StealthMXP Passport 128MB, 4.1 StealthMXP Passport 256MB, 4.1 StealthMXP Passport 512MB, 4.1 StealthMXP Passport 1GB, 4.1 StealthMXP Passport 2GB, 4.1 StealthMXP Passport 4GB, 4.2 StealthMXP Passport 128MB, 4.2 StealthMXP Passport 256MB, 4.2 StealthMXP Passport 512MB, 4.2 StealthMXP Passport 1GB, 4.2 StealthMXP Passport 2GB, 4.2 StealthMXP Passport 4GB, 4.2 StealthMXP: Liquid Metal Passport 512MB, 4.2 StealthMXP: Liquid Metal Passport 1GB,4.2 StealthMXP: Liquid Metal Passport 2GB and 4.2 StealthMXP: Liquid Metal Passport 4GB with Version 2.3 of FPGA; Firmware Versions: 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/18/2007; 08/07/2007; 09/25/2007; 11/06/2007; 12/20/2007; 01/28/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
776	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Kernel Mode Cryptographic Driver™ for Linux (Software Version: 1.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux RH EL 4 (in single user mode) -FIPS-approved algorithms: AES (Cert. #462); SHS (Cert. #529); HMAC (Cert. #223); RNG (Cert. #247) -Other algorithms: DES; Triple-DES (Cert. #478, non-compliant); Blowfish; MD5; HMAC-MD5; RC2; RIPEMD-160; HMAC-RIPEMD-160 Multi-chip standalone "The F-Secure« Cryptographic LibraryÖ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
775	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (Software Version: 1.4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/18/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SUN Solaris 9 (UltraSparc), HPUX 11i (PA-RISC 2.0), AIX 5.2 (PowerPC), RHEL v4 (IA-32, AMD64, PowerPC, zSeries), SLES 9.1 (IA-32, PowerPC, zSeries), SLES 9.0 (AMD64), Windows Server 2003 with SP1 (AMD64, IA-32) (single-user mode) -FIPS-approved algorithms: AES (Certs. #426 and #468); Triple-DES (Certs. #456 and #484); SHS (Certs. #497 and #535); DSA (Certs. #177 and #192); RSA (Certs. #184 and #189); RNG (Certs. #220 and 252); HMAC (Certs. #200 and #226) -Other algorithms: RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides a minimum of 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; RSA (encrypt/decrypt) Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
774	Sagem Orga Heinz-Nixdorf-Ring 1 33106 Paderborn, Germany -Swantje Missfeldt TEL: +49 52 51 88 90	J-IDMark 64 PIV (Hardware Version: P/N AT58803-H-AA; Firmware Version: 01016221/FFFFFFFF, PIV applet A0000002430015010100010601 V01) (PIV Card Application: Cert. #8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/18/2007; 04/29/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244) -Other algorithms: Single-chip "The J-IDMark 64 PIV is a single chip cryptographic module, which combines a PIV FIPS 201 compliant applet (SP 800-73) loaded on J-IDMark 64 Open, a dual (contact & contactless) interface platform compliant with the latest Java CardTM 2.2/Global Platform 2.1.1 specifications, FIPS 140-2 Level 3 Approved and Level 4 Approved for physical security. Thus J-IDMark 64 PIV module is a reliable and standardized solution for PIV systems, which allow managing physical and logical access to Federal government facilities and systems, by help of identity credentials."
773	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Client (Software Versions: 2.5.6 and 2.5.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/18/2007; 06/20/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, 2000, CE 3.0, CE 4.0 and Linux Kernel 2.4.21-37:EL (in single-user mode) -FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498 and #505); RNG (Certs. #221 and #227); HMAC (Certs. #201 and #205) -Other algorithms: DES; MD5; Blowfish; GUAVA; IDEA; Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength) Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
772		Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/08/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
771	Gemalto Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Anthony Vella TEL: +33 4 42 36 61 38 FAX: +33 4 42 36 52 36	GemXpresso R4 E36/E72 PK (Hardware Version: GXP4-M2612410; Firmware Version: GX4-S_E005 (MSA029)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/08/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #435); Triple-DES (Cert. #462); SHS (Cert. #503); RSA (Cert. #164); Triple-DES MAC (Cert. #462, vendor affirmed); RNG (Cert. #226) -Other algorithms: Single-chip "GemXpresso R4 E36/E72 PK is based on a Gemplus Open OS Smart Card with a large EEPROM memory. The Smart Card platform provides Random Number generation, 3DES, AES, SHA-1 and RSA up to 2048 bits key length as well as RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.2.1 and Global Platform 2.1.1 standards, and is particularly designed to support any application dedicated to meet the very demanding requirements of multi-application government & enterprise security programs."
770	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	Check Point Crypto Core (Software Versions: 1.2 (Win 2000/Win XP/Check Point Pre-Boot/Win Mobile 5/Symbian9) and 1.3 (Win 2003/Vista/Mac OS X 10.5)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/08/2007; 04/29/2008; 09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4 (x86), Windows XP with SP2 (x86), Windows Mobile 5 (ARM and TI OMAP), Symbian 9 (ARM), Microsoft Windows Server 2003 SP2, Windows Vista Ultimate and Mac OS X v10.5 (single user mode) -FIPS-approved algorithms: AES (Certs. #429 and #430); Triple-DES (Certs. #458 and #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SHA-224 (non-compliant) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Win 2K/XP/2K3/Vista, Check Point Pre-Boot, Win Mobile 5, Symbian 9 and Mac OS X. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
769	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4; Microsoft Windows XP with SP 2; Red Hat Advanced Server 3.0 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
768	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Novell Netware 6.5 SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS KeyExchange-RSASign; NetWarePassword; X9.62 PRNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
767	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version: 2.7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Server with SP3 and Q326886 (on Dell Optiplex GX400); Trusted Solaris 8 (on Sunblade 100); SuSE Linux Enterprise Server 8 (on IBM eServer e325) -FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461); -Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
766	Attachmate Corporation 1500 Dexter Ave N Seattle, WA 98109 USA -Zeke Evans TEL: 206-301-6891 FAX: 206-272-1346 -Joe Silagi TEL: 206-217-7655 FAX: 206- 272-1346	Attachmate Crypto Module (Software Version: 1.0.170) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Itanium w/ HP-UX 11iv2 (IA64); Intel Itanium w/ Windows 2003 Server SP1 (IA64); Intel Pentium D w/ Windows 2003 Server SP1 (x64); Intel Pentium 4 w/ Windows 2003 Server SP1; AMD Opteron w/ Solaris 10; UltraSPARC w/ Solaris 8; AMD Opteron w/ SuSE Linux Enterprise Server 9.0 (x64); Intel Pentium 4 w/ SuSE Linux Enterprise Server 9.0; Intel Itanium w/ Red Hat Enterprise Linux 4.0 (IA64); Intel Pentium D w/ Red Hat Enterprise Linux 4.0 (x64); Intel Pentium 4 w/ Red Hat Enterprise Linux 4.0; PA-RISC w/ HP-UX 11iv1; Intel Pentium 4 w/ Sun Solaris 10 (used in single-user mode) -FIPS-approved algorithms: AES (Cert. #417); Triple-DES (Cert. #447); SHS (Cert. #486); DSA (Cert. #173); RSA (Cert. #208); RNG (Cert. #212); HMAC (Cert. #191) -Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; DES MAC; RSA (key wrapping, key establishment methodology provides between 80 and 152 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, systems and security management, and PC lifecycle management products."
765	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Versions: 3.7.1 and 3.8.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/04/2007; 05/08/2007; 10/22/2007; 03/07/2008; 07/28/2008; 08/21/2008	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.4.8; Windows XP Professional SP2 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RSA (Cert. #172); RNG (Cert. #238) -Other algorithms: AES (EME mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; ARC4-128; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP WDE, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
764	Futurex, LLC 864 Old Boerne Road Bulverde, TX 78163 USA -Jason Anderson TEL: 830-980-9782 FAX: 830-438-8782	Excrypt Cryptographic Module (Hardware Version: P/N 9750-0235-R, Version 1.1; Firmware Version: 2.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #369); SHS (Cert. #369); RSA (Cert. #86); RNG (Cert. #122); HMAC (Cert. #133) -Other algorithms: DES (Cert. #327); MD5 Multi-chip embedded "The Excrypt Cryptographic Module (ECM) is a tamper-resistant / responding PCI compatible universal module that provides secure cryptographic processing. The ECM features an Ethernet 10 / 100 interface supporting up to 999 sockets, a serial port, and 1000 3DES / 1000 4096-bit RSA battery backed key storage. The ECM provides TDES and PKI support for key management and electronic payment / funds transfer security. The ECM is used in the ExcryptTM SSP, RMC, PCE, KMS, and SKI Series products."
763	Atmel Maxwell Building Scottish Enterprise Technology Park East Kilbride, G75 0QG Scotland -Steve Mitchell TEL: 00-44-1355-803000 FAX: 00-44-1355-242744	jNet Citadel-OS on Atmel AT90SC144144CT (Hardware Version: P/N AT90SC144144CT, Version AdvX V01.01; Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -Physical Security: Level 4 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #437); Triple-DES MAC (Cert. #437, vendor affirmed); SHS (Cert. #470); RSA (Cert. #144); AES (Cert. #399); RNG (Cert. #214) -Other algorithms: NDRNG Single-chip "The jNet Citadel-OS on Atmel AT90SC144144CT is a Personal Identity Verification Smart Card, HSPD-12 implementation with dual interface I/O. The secure, smart card native OS is fully compliant with NIST 800-73-1 and FIPS PUB 201-1 requirements. The module is used for physical and logical access control to government resources. The AT90SC144144CT is a low-power, high-performance, 8/16-bit microcontroller with Flash program memory and EEPROM data memory, based on the secureAVR enhanced RISC architecture."
762	Data-Pac Mailing Systems Corp. 1217 Bay Road Webster, NY 14580 USA -Ken Yankloski TEL: 585-787-7074 FAX: 585-671-1409 -John Keirsbilck TEL: 585-787-7077 FAX: 585-671-1409	AMERICA2 (PSD) (Hardware Version: 1.0.25.5; Firmware Version: 1.0.20.5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 2  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #453); SHS (Cert. #492); HMAC (Cert. #196) -Other algorithms: Multi-chip embedded "The AMERICA2 (PSD) is a cryptographically secure, tamper proof device capable of storing customer postal credit and then dispensing valid postal indicia. As an embedded multi-chip Cryptographic Device, the AMERICA2 is enclosed within a tamper-response envelope that prevents all physically invasive attacks while still ensuring the retention of all postal data. The AMERICA2 (PSD) generates HMAC indicia as part of Data-Pac's IBI Light Symmetric postage system, which obviates the need for the digital signature used in traditional IBI franking. Data-Pac embeds the AMERICA2 into its line of Digit"
761	Gemalto 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access E-gate V3 (Hardware Version: P/N A1002431, Version A.12; Firmware Version: HardMask 3v1; SoftMask 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/04/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #451); Triple-DES (Cert. #468); Triple-DES MAC (Cert. #468, vendor affirmed); RNG (Cert. #236); RSA (Certs. #169 and #170); SHS (Cert. #514) -Other algorithms: NDRNG; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Cyberflex Access E-gate V3 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. The Cyberflex Access E-gate V3 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. The card incorporates the conventional ISO 7816-3 interface, as well as the USB interface normally resident in the smart card reader, making it especially suitable for usage as a USB token."
760	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	AirFortress® Wireless Security Gateway (Hardware Version: AF7500; Firmware Version: 2.5.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/23/2007; 05/22/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188) -Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
759	Icom Inc. 1-1-32 Kamiminami Hirano-ku Osaka 547-0003 Japan -Chris Lougee TEL: 425-454-8155 FAX: 425-450-1509	Digital Unit UT-120 #10 and #11 (Hardware Version: 1.1; Firmware Version: 3.0 version 2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/13/2007; 11/26/2007; 12/03/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #422); SHS (Cert. #493); HMAC (Cert. #197) -Other algorithms: DES; RNG (non-compliant) Multi-chip embedded "The UT-120 is an optional unit available for Icom radios that provides digital transmission and reception capabilities, as well as, providing secure communication with FIPS approved AES and non-FIPS approved DES."
758	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 525 and PIX 535 (Hardware Versions: 525 and 535; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/11/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: Triple-DES (Certs.#298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124), RSA (Certs. #105 and #107), DSA (Certs. #150 and #152) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 112 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
757	Lexmark International, Inc. 740 West Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000	Lexmark PrintCryption (Firmware Version: 1.3.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	04/11/2007; 05/22/2007	Overall Level: 1  -Tested: T640, T642, T644, C920, W840, C534, T630, T632, T634, C760, C762, C912, W820, X644e, X646e, X646dte, X850e, X852e, X854e, C772, C782, C935 and X945e; Lexmark ver. 2.4 O/S -FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360, and #470); AES (Certs. #273, #274, #275, #276, #277, and #452); RSA (Certs. #73, #74, #75, #76, #77, and #171); SHS (Certs. #350, #351, #352, #353, #354, and #515); HMAC (Certs. #89, #90, #91, #92, #93, and #215); RNG (Certs. #100, #101, #102, #103, #104, and #237) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Lexmark PrintCryption Card is an option for the Lexmark T, C, W, and X series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyses the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
756	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Wireless Access Bridge ES520 (Hardware Version: ES520; Firmware Versions: 2.6.1, 2.6.3 and 2.6.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/11/2007; 05/22/2007; 12/07/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #423); SHS (Cert. #494); HMAC (Cert #198); RNG (Cert. #218) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); RSA (non-compliant); Blowfish; DES; RC2; RC4; RC5; Safer; Skipjack; DSA (non-compliant); MD2; MD4; MD5; GUAVA; IDEA; Triple-DES Multi-chip standalone "The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
755	Sharp Corporation 1-9-2, Nakase Mihama-ku, Chiba-shi, Chiba 251-8520 Japan -Kazuhiro Yaegawa TEL: +81-43-299-8368 FAX: +81-43-299-8741	SHARP JCOP31ID FIPS (Hardware Version: P/N SM4128(V3)A7; Firmware Version: HAL v1.1.06, IBM JCOP31IDv2.2OS Release Level 0400) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/11/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #439); Triple-DES MAC (Cert. #439, vendor affirmed); AES (Cert. #402); RSA (Cert. #147); RNG (Cert. #197); ECDSA (Cert. #33); SHS (Cert. #472) -Other algorithms: DES; AES MAC (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECSVDP Single-chip "The single-chip module is a 16-bit Sharp processor and a specifically modified version of the IBM JCOP 31-ID Java Card software satisfying the FIPS 140-2 requirements. The single-chip module provides an operational environment with up to 640 kBytes of Cryptographic Officer/Issuer available non-volatile memory. The defined user space allows for multiple validated applets to be concurrently loaded and used, as well as supporting re-issuance capability. The primary purpose for this device is to provide data security for Personnel Identification."
754		Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/02/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
753		Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/02/2007	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
752	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Software Application Java Comm Crypto Module, Version 5.0 (Software Version: 5.0.2 build 12-9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #374); SHS (Cert. #376); HMAC (Cert. #110) -Other algorithms: DES, Triple-DES (ECB, CBC, and OFB modes; non-compliant) Multi-chip standalone "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Some of the key components of the ETM System are: the Management Server, Report Server, Performance Manager, and Usage Manager. These components are written in the Java programming language and are used in a distributed architecture across an enterprise LAN or WAN. These components utilize a library of Triple DES encryption routines to secure their network communications."
751	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Software Application C Comm Crypto Module, Version 5.0 (Software Version: 2.0 build 11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #375); SHS (Cert. #377); HMAC (Cert. #111) -Other algorithms: DES Multi-chip standalone "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. The ETM System's C Language Applications Dynamic Link Library provides Triple DES encryption routines for Windows-based ETM Applications. The C Language DLL is used to secure network communications between the ETM Collection Server and ETM Call Recorder Cache Appliances."
750	IBM® Corporation 11505 Burnet Rd. Austin, TX 78758 USA -Jacqueline Wilson TEL: 512-838-2702 FAX: 512-838-3509 -Martin Clausen TEL: +45 45 23 33 38	IBM CryptoLite for C (Software Version: 3.23) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/23/2007	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with AIX 5200-07 (32-bit kernel), AIX 5200-07 (64-bit kernel), AIX 5300-03 (32-bit kernel), AIX 5300-03 (64-bit kernel) (single-user mode) -FIPS-approved algorithms: AES (Cert. #498); Triple-DES (Cert. #511); SHS (Cert. #568); DSA (Cert. #205); RSA (Cert. #214); RNG (Cert. #278); HMAC (Cert. #252) -Other algorithms: RC2; CAST-5; CAST-6; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; MD2; HMAC-MD2; HMAC-MD5; Whirlpool; Arc-Four; DES Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
749	Hitachi, Ltd. Hitachi System Plaza Shin-Kawasaki 890 Kashimada, Saiwai-ku Kawasaki, Kanagawa 212-8567 Japan -Yoshiaki Kawatsura TEL: 81-44-549-1755 FAX: 81-44-549-1756 -Manabu Natsume TEL: 81-44-549-1755 FAX: 81-44-549-1756	Hitachi One-Passport PKI Card Application on Athena Smartcard Solutions OS755 for Renesas XMobile Card Module (Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.7; Application Program Product C-9550-702 One-Passport PKI Card Application Versions 03-00 and CX 03-00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/23/2007; 04/26/2007	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #428; key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES MAC (Cert. #428, vendor affirmed); SHS (Certs. #315 and #458); RSA (Certs. #57 and #135); RNG (Certs. #75 and #209) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant) Single-chip "The One-Passport PKI solution provides a remote access environment through the Internet for general commercial uses by private companies. It consists of XMC Cards, PC Software, and PDA Software. Under the One-Passport PKI environment, employees such as sales persons can access their corporate mail servers and other corporate information from their satellite office, home, or other places outside the office. In order to avoid unexpected leakage of information during such remote access, the One-Passport PKI solution uses the VPN technique and PKI based authentication method."
748	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Stealth MXP (Hardware Versions: 4.0 StealthMXP 128MB, 4.0 StealthMXP 256MB, 4.0 StealthMXP 512MB, 4.0 StealthMXP 1GB, 4.0 StealthMXP 2GB, 4.0 StealthMXP 4GB, 4.1 StealthMXP 128MB, 4.1 StealthMXP 256MB, 4.1 StealthMXP 512MB, 4.1 StealthMXP 1GB, 4.1 StealthMXP 2GB, 4.1 StealthMXP 4GB, 4.2 StealthMXP 128MB, 4.2 StealthMXP 256MB, 4.2 StealthMXP 512MB, 4.2 StealthMXP 1GB, 4.2 StealthMXP 2GB, 4.2 StealthMXP 4GB, 4.2 StealthMXP: Liquid Metal 512MB, 4.2 StealthMXP: Liquid Metal 1GB, 4.2 StealthMXP: Liquid Metal 2GB and 4.2 StealthMXP: Liquid Metal 4GB with Version 2.3 of FPGA; Firmware Versions: 4.16, 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2007; 05/01/2007; 08/07/2007; 09/25/2007; 11/06/2007; 12/20/2007; 01/28/2008; 06/23/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: Multi-chip standalone "Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
747	SecureLogix Corporation 13750 San Pedro Suite 230 San Antonio, TX 78232 USA -Timothy J. Barton TEL: 210-402-9669 FAX: 210-402-6996 -Jane Byrne TEL: 210-402-9669 FAX: 210-402-6996	ETM® System Firmware Appliance C Comm Crypto Module, Version 5.0 (Firmware Version: 5.02.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/23/2007	Overall Level: 1  -Tested: ETM® System Appliance Model 3200 with Linux 2.6 (locked down) -FIPS-approved algorithms: Triple-DES (Cert. #373); SHS (Cert. #375); HMAC (Cert. #109) -Other algorithms: DES Multi-chip embedded "The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Primary components of the ETM System are the ETM Appliances, custom designed devices installed inline on the telecommunication circuits to monitor and control VoIP, PRI, CAS, SS7, and analog voice traffic. The system uses a C library of TDES encryption routines to secure their network communications."
746	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Linux (Software Version: 1.0.1) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007; 06/13/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the Netfilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
745	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/23/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
744	Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: NDRNG Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
743	Encryption Solutions, Inc. 1740 E. Garry Ave. Suite 110 Santa Ana, CA 92705 USA -Frederick C. Meyer TEL: 949-660-0102 FAX: 949-660-0202	SkyLOCK™ Encryption Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/09/2007	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on an HP Pavilion dv8210us computer; Windows XP Professional SP2 running on an HP Pavilion zt1175 computer; Windows XP Professional SP2 running on a Dell Optiplex GX270 computer -FIPS-approved algorithms: AES (Cert. #413); SHS (Cert. #482); HMAC (Cert. #187) -Other algorithms: SkyLOCK™ Data Protection Scheme Multi-chip standalone "The SkyLOCK cryptographic module will be used by Encryption Solutions, Inc. to provide clients with a fast, efficient, and secure solution for protecting information, data and files. The SkyLOCK cryptographic module is the core of all products in the SkyLOCK family. With uses including data storage, file transfer, streaming, and email, SkyLOCK products cover a wide range of security applications and needs. These robust software products provide security in both wired and wireless environments."
742	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder® FIPS Module for ADS 1.2 (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/01/2007; 07/20/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Phillips RTK-E OS (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #452); AES (Cert. #421); SHS (Cert.#491); HMAC (Cert. #195); RNG (Cert. #217); DSA (Cert. #176); ECDSA (Cert. #31); RSA (Cert. #159) -Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 57 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 57 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module for ADS 1.2 is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
741	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -nCipher Sales TEL: 800-NCIPHER FAX: 781-994-4001	Ultralock Symmetric Module (Hardware Version: 010-00007 a.00) (When operated in FIPS mode and using the nForce Ultra Asymmetric Module validated to FIPS 140-2 under Cert. #740 and nCipher MiniHSM validated to FIPS 140-2 under Cert. #672 when operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/01/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #345); AES (Cert. #263); SHS (Cert. #342); HMAC (Cert. #75) -Other algorithms: DES; RC4; MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Ultralock Symmetric Module performs all the cryptography required for SSL/TLS applications. This module is a common element of the Britestream BN2010 SSL Security ASIC, the industry's first single-chip solution for completely off-loading SSL/TLS processing from host systems. The innovative in-line architecture combines TCP."
740	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce Ultra Asymmetric Module (Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/01/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The nForce Ultra Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for archieving FIPS 140-2 certification of the overall system that the module is used in."
739	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa,, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	ProtectServer Gold (Hardware Version: Revisions B2 and B3; Firmware Version: 2.03.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/01/2007; 03/20/2007; 04/26/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #382); Triple-DES (Cert. #426); SHS (Cert. #457); HMAC (Cert. #171); RNG (Cert. #184); RSA (Cert. #134); DSA (Cert. #166); ECDSA (Cert. #26); Triple-DES MAC (Cert. #426, vendor affirmed) -Other algorithms: DES; DES MAC; AES MAC (non-compliant); CAST 128; CAST MAC; IDEA; IDEA MAC; RC2; RC2 MAC; SEED; SEED MAC; MD2; MD5; HMAC MD5; RC4; RIPEMD-128; RIPEMD-160; HMAC RMD128; HMAC RMD160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
738	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-030-2 Security Server Cryptographic Core (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/08/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Server with SP4 and Windows 2003 with SP1 (in single user mode) -FIPS-approved algorithms: AES (Certs. #415 and #428); HMAC (Cert. #189); RNG (Cert. #210); RSA (Cert. #153); SHS (Cert. #484) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The 3e-030-2 Security Server Cryptographic Core (Version 3.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS-like back-end Authentication Server, capable of dynamic key exchange, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES (ECB mode; 256-bit key size), SHA-1, HMAC-SHA1, RSA sign/verify, FIPS 186-2 (Appendix 3.1 and 3.2 3.3) PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman"
737	TriCipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	TriCipher Armored Credential System (TACS) (Hardware Versions: 1000 and 2000; Firmware Versions: 3.1, build 255 and 3.1.1, build 261) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/08/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #413); RSA (Cert. #120); SHS (Cert. #430); HMAC (Cert. #159); RNG (Cert. #170) -Other algorithms: MD5; RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The TriCipher Armored Credential System (TACS) provides a single platform that can issue and support a flexible range of credentials from a single infrastructure."
736	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	JUNOS-FIPS-L2 Cryptographic Module ((Chassis Model Numbers nnnn (T640, T320, M320 and M40e); Hardware P/Ns [nnnnBASE Rev A, RE-600 (RE3) Rev A,DOC-FIPS-140-2-L2-KIT Rev A] and [nnnnBASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A]; Firmware Versions 7.2R1.7 and 7.4R1.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344) -Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The JUNOS-FIPS-L2 Cryptographic Module is a multi-chip standalone cryptographic module (for Juniper Networks T-Series and M-Series routers) that executes JUNOS-FIPS firmware. JUNOS-FIPS is a release of the JUNOS operating system, the first routing operating system designed specifically for the Internet. JUNOS is currently deployed in the largest and fastest-growing networks worldwide. A full suite of industrial-strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes."
735	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6202 FAX: 954-888-6211	Datacryptor® SONET/SDH v1.00 (Hardware Version: 1600X40 (Options 4 and 6) v1.00; Firmware Version: v1.00 (Rev43)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #366); DSA (Cert. #159); SHS (Cert. #439); RNG (Cert. #175) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Datacryptor« SONET/SDH v1.00 is a multi-chip standalone cryptographic module. It secures communications using signed Diffie-Hellman key exchange and AES-256 encryption over SONET/SDH networks. It provides data encryption and OC-3, OC-12 and OC-48 data rates. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
734	Thales Communications, Inc 22605 Gateway Center Drive Clarksburg, MD 20871 USA -George Korus TEL: 240-864-7646	Thales 25 Portable Radio (Hardware Version: PRC6894; Firmware Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/06/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert# 347); SHS (Cert# 421); HMAC (Cert# 150) -Other algorithms: DES Multi-chip standalone "The Thales 25 portable radio (T25) is a small, light, and rugged radio that meets the requirements of the Association of Public Safety Communications Officials (APCO) Project 25 Common Air Interface (CAI) Standard. The T25 supports Project (P25) digital voice and data encryption operation, as well as Motorola Key Variable Loader (KVL). It supports full multi-mode operation over a frequency range of 136 to 174 MHz and features high quality, error-corrected, digital voice and AES Encryption."
733	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: opensslfips1.1.1.tar.gz; Resultant Compiled Software Version: 1.1.1) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/06/2007;11/30/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #451); AES (Cert. #420); SHS (Cert. #490); HMAC (Cert. #194); RSA (Cert. #177); DSA (SigVer, Cert. #175); -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (Cert. #216, non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175, non-compliant); Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
732	Hitachi, Ltd. Hitachi System plaza Shinkawasaki, 890 Kashimada, Saiwai Kawasaki, Kanagawa Perfecture 212-8567 Japan -Yutaka Takami TEL: +81-44-549-1755 FAX: +81-44-549-1756 -Tomomi Haruna TEL: +81-44-549-1755 FAX: +81-44-549-1756	Personal Identity Verification Application on Hitachi MULTOS Smart Chip (Hardware Version: AE45X1; Firmware Version: 1.0) (PIV Card Application: Cert. #3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/25/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RNG (Cert. #186); Triple-DES (Cert. #429) -Other algorithms: RSA (non-compliant) Single-chip "The HITACHI MULTOS Smart Chip is a single chip for smart cards with a dual interface (contact and contactless), which is compliant with MULTOS. The MULTOS OS is a high-security multi-application smart card operating system and Key Management Infrastructure which provides Card Issuers with the opportunity to define their own card programmes, delivering services with their own smart card applications or those of other third-party Application Providers."
731	Taua Biomatica S/A Rua do Rosario 103 / 13 andar Rio de Janeiro, RJ 20041-004 Brazil -Marcio Lima TEL: 55-21-2232-1321 FAX: 55-21-2531-0255	Zyt Cryptographic Module (Hardware Version: P/N PM400002-9, Version 3; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/08/2007	Overall Level: 3  -FIPS-approved algorithms: RSA (Certs. #36 and #37); SHS (Certs. #282 and #283); RNG (Cert. #47) Triple-DES (Cert. #294); -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5 Multi-chip embedded "Taua Biomatica has developed an innovative product, the Zyt, created to offer the highest security level for Internet transactions. It was designed to digitally sign documents and transactions, integrating the most modern biometrical technologies, digital certification and cryptography. It is composed of a fingerprint sensor for the user's positive identification, a smart card reader for private key and digital certificate storage, a liquid crystal for transaction display, and a USB port for communication with the PC."
730	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Tom Gilbert TEL: 703-631-0700 FAX: 703-631-9588	BorderGuard X.509 VPN Client (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/08/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode) -FIPS-approved algorithms: AES (Certs. #386 and #418); Triple-DES (Certs. #432 and #448); HMAC (Certs. #173 and #192); SHS (Certs. #463 and #487) -Other algorithms: MD5; DES; IDEA; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (non-compliant); RNG (non-compliant) Multi-chip standalone "The BorderGuard VPN Client is a security enhanced VPN Client which is used for establishment of secure Virtual Private Network with a BorderGuard network security appliance and individual remote access users."
729	Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: 6506, 6506-E, 6509 and 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions: 4.1 (SUP720-3B) and 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Versions: 12.2(18)SXF4, Build adventerprisek9 (Supervisor) and 3.2.116.21 (WiSM)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #369 and #368); SHS (Certs. #442 and #441); HMAC (Cert. #164); RSA (Certs. #124 and #123); RNG (Cert. #177); CCM (Cert. #10) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
728	Extreme Networks 3585 Monroe Street Santa Clara, CA 95051 USA -Prasad Yerneni TEL: 408-579-3379	Sentriant CE150 (Hardware Version: A; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/21/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The Sentriant CE150 is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, it has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
727	Ceragon Networks, Ltd. 24 Raoul Wallenberg Street Tel-Aviv, 69719 Israel -Yossi Sarusi TEL: 972 3 7666436 FAX: 972 3 6455559 -Boris Radin TEL: 972 3 76668160 FAX: 972 3 6455559	FibeAir®1500P™ Secure Basic Indoor Unit (Hardware Version: mux_fal2_4.084.s.frx; Firmware Version: idc_swr_4.80s28.s.idn) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #395 and #396); RNG (Cert. #192); RSA (Cert. #141); SHS (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "High capacity broadband wireless system which provide FIPS compliant secure operation."
726	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523-F2 Secure Multi-function Wireless Data Point (Hardware Versions: HW V1.0 and V1.1; Firmware Version: 4.1.7.2) (When operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/18/2006; 09/25/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #238); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22); RSA (Cert. #129); CCM (Cert. #1) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
725		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
724		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
723	Thales e-Security Meadow View House Crendon Industrial Estate, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.3 (Hardware Version: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/18/2006; 09/25/2007	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
722	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 (Firmware Version: NGX (R60) with hot fix HFA-03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/08/2006; 01/04/2007; 05/02/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 -Tested: Check Point SecurePlatform Operating System, version NGX (R60) HFA-03 on General Purpose Computing platform with single and dual Intel XEON® and single and dual AMD Opteron® processor configurations -FIPS-approved algorithms: Triple-DES (Cert. #338); AES (Cert. #257); SHS (Cert. #332); HMAC (Cert. #67); RSA (Certs. #66 and #132); RNG (Cert. #90) -Other algorithms: DES (Cert. #314); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 202 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NGX (R60) with hot fix HFA-03 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
721	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Thierry Le Jaoudour TEL: 01 45 36 30 00 FAX: 01 45 36 30 10	N30i/N30ig - 135/136 Meter (Hardware Version: P/N 4127205W; Firmware Versions: P/N 4132525N V50.0, P/N 4134515L/A V50.02 and P/N 4134515L/B V50.03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2006; 12/19/2006; 09/12/2008	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: DSA (Cert. #61); Triple-DES (Cert. #119); Triple-DES MAC (Cert. #119, vendor affirmed); SHS (Certs. #391 and #455); RNG (Cert. #141) -Other algorithms: Multi-chip embedded "Cryptographic software module used in the N30i/N30ig - 135/136 Postage Meter."
720	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 4.5 on z/OS) (When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessor validated to FIPS 140-1 under Cert. #118 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
719	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 3.7 on UNIX) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Solaris 10, IBM AIX 5.3, and HP-UX 11i (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #288, #423, and #424); AES (Certs. #192 and #380); SHS (Certs. #272, #451, #452, and #453); HMAC (Certs. #7 and #168); DSA (Cert. #164); RNG (Certs. #39 and #182) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; MD5 Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
718	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Security Controller (FC-X) (Hardware Version: FC-X; Firmware Versions: FC-X 4.0.3 and 4.0.4) (When operated in FIPS mode.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 08/31/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465); RNG (Certs. #189 and #190); HMAC (Cert. #174) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA) Multi-chip standalone "The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
717	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6.1 (Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 01/05/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
716	D'Crypt Private Limited 20 Ayer Rajah Crescent #08-08 Technopreneur Centre Singapore, 139964 Singapore -Quek Gim Chye TEL: (65) 6776-9210 FAX: (65) 6873-0796	d'Cryptor ZE Cryptographic Module (Hardware Version: P/N DC-ZEN2-41 v4.1, DC-ZEN4-41 v4.1; Firmware Version: Kernel v4.5, LFM v2.1, AFM v2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #332); Triple-DES (Cert. #396); SHS (Cert. #407); RSA (Cert. #113); HMAC (Cert. #136); RNG (Cert. #153) -Other algorithms: DES (Cert. #328; v3.0) Multi-chip embedded "The d'Cryptor ZE Cryptographic Module is a micro-token targeted at high security embedded applications. Central to the next generation of d'Cryptor products where it serves as a secure coprocessor, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
715	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Version: P/N 7011-30967-000 Versions 050306, 030207 and 051208; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006; 04/26/2007; 12/18/2007; 06/23/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; NDRNG Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
714	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5.2 [1] and 3.5.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/02/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode). -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Certs. #71 [1] and #186 [2]); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 non-compliant, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
713	Sagem Orga Am Hoppenhof 33 Paderborn, 33104 Germany -Fabien Guichon TEL: 49 52 51 88 90	J-IDMark 64 (Hardware Version: HW P/N AT58829-C-AA, Version 01; Firmware Version: FW Version J-IDMark 64 IDT 005) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/02/2006	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Certs. #459 and #460); RSA (Certs. #136 and #137); Triple-DES (Cert. #430); Triple-DES MAC (Cert. #430, vendor affirmed); RNG (Cert. #187) -Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The J-IDMark 64 is a single chip cryptographic module, compliant with Global Platform 2.0.1 and Sun Java Card TM 2.1.1. It runs a proprietary Applet, ID v1, which includes the following features: - A PKI-based digital signature for secure transactions and digital certificate management. - Secure storage of data and identification management rights (driving licenses, health care entitlement, car certificate, etc.). - A Match On Card mechanism which performs fingerprint verification. The J-IDMark 64 module meets the requirements to the Level 4 of FIPS 140-2 for physical security."
712		Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/27/2006	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
711	Kenwood Corporation 1-16-2, Hakusan, Midori-ku, Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A1.0.0 and A1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/16/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #363); SHS (Cert. #437) -Other algorithms: DES; LFSR Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing Kenwood radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
710	Ecutel Systems, Inc. 2300 Corporate Park Drive Suite 410 Herndon, VA 20171 USA -Dzung Tran TEL: 571-203-8300	Ecutel Cryptographic Service Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/16/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP; Windows Mobile for Pocket PC 2003; Linux RedHat Kernel 2.6 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #381); Triple-DES (Cert. #425); SHS (Cert. #456); HMAC (Cert. #170); RNG (Cert. #183) -Other algorithms: Multi-chip standalone "The Ecurtel Cryptographic Service Module (ECSM) is a cryptographic library that offers cryptographic functionalities to Ecutel products only. It is installed on a machine as a constituent of host application."
709	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 and StrongROM v3.1 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0; Firmware Version: StrongROM v3.1) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	10/17/2006	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #343 and #344); RSA (Certs. #114 and #115); SHS (Certs. #83, #418, and #419); HMAC (Certs. #105 and #147); HMAC (Cert. #83, vendor affirmed); RNG (Certs. #118 and #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
708	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/11/2006	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #344); RSA (Cert. #115); SHS (Certs. #83 and #419); HMAC (Cert. #147); HMAC (Cert. #83, vendor affirmed); RNG (Cert. #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
707	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 871, 876, 877 and 878 Integrated Services Routers (Hardware Versions: 1.0 (871), 1.0 (876), 1.0 (877) and 1.0 (878); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/11/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #389 and #390); AES (Certs. #324 and #325); RNG (Cert. #147); SHS (Certs. #398 and #399); HMAC (Certs. #131 and #134) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 870 Series fixed-configuration integrated services routers support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices. They run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. These routers also offer Stateful Inspection Firewall, IP security (IPSec) VPNs, intrusion prevention system (IPS), antivirus support, and secure WLAN 802.11b/g option with use of multiple antennas."
706	Britestream Networks, Inc. 12401 Research Boulevard Bldg 2, Suite 275 Austin, TX 78759 USA -Rick Hall TEL: 512-250-2129 x135 FAX: 512-250-9068	Britestream nCipher Asymmetric Module (Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/27/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Britestream nCipher Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for achieving FIPS 140-2 certification of the overall system that the module is used in."
705	SETECS Inc. and Gemalto 8070 Georgia Avenue Silver Spring, MD 20910 USA -Sead Muftic TEL: 301-587-3000 FAX: 301-587-7877 -Nick Hislop TEL: 610-202-4942 FAX: 215-390-2915	SETECS Inc. OneCARD™ PIV-II Java Card Applet on Gemalto GemCombi'Xpresso R4 E72K PK card (Hardware Version: GCX4-M2569420; Firmware Version: GCX4-FIPS EI07, Applet Version: SETECS Inc. OneCARD™ PIV-II Java Card Applet Version 1.2) (PIV Card Application: Cert. #4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. #168) -Other algorithms: N/A Single-chip "SETECS OneCARD(TM) is the smart card created as the combination of SETECS OneCARD(TM) PIV-II Java Card Applet and Gemalto GemCombi'Xpresso R4 E72K PK card. SETECS OneCARD(TM) Card (PIV Card) is the full implementation of the FIPS 201 card application (PIV applet) with all required access rules and protocols. The PIV Card contains all mandatory and optional data objects, as specified in the NIST Special Publication 800-73-1. The GCX4 is based on a Java platform with 72K EEPROM memory. The module provides dual interfaces (i.e. contact and contactless) where the same security level is achieved."
704	Utimaco® Safeware AG Hohemarkstraße 22 Oberursel, D-61440 Germany -US Corporate Headquarters TEL: 508- 543-1008 FAX: 508- 543-1009 -Dr. Christian Tobias TEL: +49 6171 88 1711	SafeGuard Easy (Software Version: 4.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode) -FIPS-approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438) -Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES Multi-chip standalone "SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
703	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: (US) 1M00 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Specimen) 1M03 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Gov.) 1M05 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (UN) 1M08 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (Royal Mail) 1M20 AAA/AAC/AAD/BAA/ABA/ ABB/BAB/BAE/BAF, (Royal Mail Specimen) 1M23 AAA/AAC/AAD/BAA/ABA/ABB/BAB/BAE/BAF) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2006; 04/26/2007; 05/14/2007	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: DSA (Cert. #153); SHS (Cert. #395); Triple-DES (Cert. #386); Triple-DES MAC (Cert. #386, vendor affirmed); RNG (Cert. #146) -Other algorithms: Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
702	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models (Hardware Versions: 2:0 (1801), 4.0 (1802), 3.0 (1803) and 3.0 (1811) and 3.0 (1812); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #414 and 415); AES (Certs. #357 and 358); RNG (Cert. #171); SHS (Certs. #432 and 433); HMAC (Certs. #156 and 157) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 1800 Series fixed-configuration integrated services routers enable a network infrastructure for SMBs and enterprise small branch offices. They enable deployment of a single device to provide multiple services, including integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service (QoS). The Cisco IOS Software Advanced IP Services feature set facilitates hardware-based IPSec encryption and features such as Cisco IOS Firewall, URL Filtering, IPS support, IPSec VPNs, Dynamic Multipoint VPN (DMVPN), anti-virus support, SSH 2.0, and SNM"
701	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge (Hardware Versions: AP1131AG: C0; AP1232AG: A0; AP1242AG: A0; BR1310G: C0; Firmware Version: 12.3(8)JA2(ED)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/23/2006; 12/19/2006; 02/27/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #356 and #370); CCM (Cert. #11); SHS (Cert. #428); HMAC (Cert. #154); RNG (Cert. #169) -Other algorithms: MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco Aironet 1131AG, 1242AG, 1232AG, and 1310G access points deliver the versatility, high capacity, security, and enterprise-class features required for autonomous based Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i standard and Advanced Encryption Standard (AES). The Cisco APs are Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
700	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 and 6000 Series (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 80 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
699	WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007; 07/05/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Pro with Service Pack 3; Windows XP Pro with Service Pack 2; Windows 2000 Advanced Server; Windows 2000 Server; Windows 2003; Windows Vista -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
698	WinMagic Incorporated 200 Matheson Blvd W. 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Professional, Server and Advanced Server with Service Pack 3 and Q326886 Hotfix running on a Dell OptiPlex GX400 PC -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
697	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 2500 Identity and Access Management Appliance (Hardware Version: Rev 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
696	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 500 Identity and Access Management Appliance (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
695	Cisco Systems Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet LWAPP AP1131AG, Cisco Aironet LWAPP AP1231G, Cisco Aironet LWAPP AP1232AG, and Cisco Aironet LWAPP AP1242AG Wireless Access Points (Hardware Version: 1131, Revision C0; 1231, Revision A0; 1232, Revision A0; 1242, Revision A0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/04/2006; 06/11/2007; 08/07/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370 and #373); CCM (Certs. #11 and #12); SHS (Cert. #443); HMAC (Cert. #165); RNG (Cert. #178); RSA (Cert. #125) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
694	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523 and 3e-523-F1 WLAN Products (Hardware Versions: 3e-523 V1.0, 3e-523-F1 V1.0; Firmware Version: 3.4, Build 5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/21/2006; 08/01/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #200); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The 3e-523 and 3e-523-F1 WLAN products provide wired connections for Ethernet and Serial devices. This connection can be over an Ethernet 10/100 baseT RJ-45 and/or via RS-232/422/485 interface. The 3e-523 and 3e-523-F1 wireless connection can be configured to use IEEE 802.11a/b/g with Layer 2 AES or TDES encryption. The wireless connectivity is a wireless bridging function to, for example, another 523, a 3e-525A-3 Wireless Access Point, or similar device. The 3e-523 and 3e-523-F1 are ideal for connecting RFID readers, sensors, and other data devices (printers, terminals, etc.) into a secur"
693	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Version: 4402 and 4404; Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/20/2006; 10/10/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #368 and #369); CCM (Cert. #10); SHS (Certs. #441 and #442); HMAC (Cert. #164); RNG (Cert. #177); RSA (Certs. #123 and #124) -Other algorithms: RC4; MD5; HMAC MD5; Triple-DES; AES-CTR (non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
692	Federal Reserve Bank of Boston 600 Atlantic Avenue Boston, MA 02210 USA -Peggy Li TEL: 617-973-3917 FAX: 617-573-5417	FRBB ePurse v2 on ActivCard Applet v2 on Cyberflex Access 64k v1 (Hardware Version: SLE66CX640P; Firmware Versions: OS Hardmask n5 v1, OS Softmask n4 v2, ACA Applet v2.3.0.5, ASCLib v2.3.0.3, PKI/GC Applet v2.3.1.2, ePurse v2 Version 2.0.12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58); RNG (vendor affirmed) -Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use); Single-chip "The ePurse is a secure payment module which enables a Common Access Card to be used as a payment mechanism at designated locations."
691	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe FIPS 201 Applet on SafesITe PIV TPC DM Card (Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 (MPH051), GCX4-FIPS EI08, GXP4-FIPS EI07 (MPH052) and GXP4-FIPS EI08; Applet Version: SafesITe FIPS 201 Applet Version 1.20) (PIV Card Application: Cert. #2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006; 12/19/2006; 08/29/2007; 12/20/2007; 07/28/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: Single-chip "This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, NITS SP-800-73-1, and is very well suited for US Government and Federal projects where FIPS-201, PIV-II compliance is required."
690	L-3 Communications Cincinnati Electronics 7500 Innovation Way Mason, OH 45040-9699 USA -Doug Merz TEL: 513-573-6567 FAX: 513-573-6767	AES-256 Encryption Core, T-724 X-Band Mission Data Transmitter FPGA [1] and T-725 X-Band Telemetry Transmitter FPGA [2] (Hardware Versions: 669510-1, 669515 [1] and 669715-1 [2]) (When operated in FIPS mode [1, 2]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2006; 08/30/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #346) -Other algorithms: DES [1] Single-chip "The AES-256 Encryption Core is to be used in spacecraft based transmitters for protection of electronic data during downlink to earth based ground stations. Applications include low rate telemetry data transmitters and high rate mission data transmitters."
689	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	C95i Secure Metering Module (SMM) (Hardware Version: 4126736H B; Firmware Version: 4130379C G10 (SH1), 4126898B A (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/14/2006; 10/03/2006; 04/26/2007	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #389); RNG (Cert. #38); ECDSA (Cert. #15); HMAC (Cert. #119) -Other algorithms: Multi-chip embedded "The IJ40/50/60 are Neopost mid range of Franking products that incorporate a secure metering module for producing a highly secure franking impressions to meet CPC requirements."
688	DigitalGlobe Inc. 1900 Pike Road Longmont, CO 80501-6700 USA -Skip Cubbedge TEL: 303-684-4516 FAX: 303-684-4048	WorldView Wideband Transmitter FPGA (Hardware Version: 668515-1) (Bypass capability excluded from FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/13/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #296) -Other algorithms: Single-chip "The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
687	TecSec Incorporated Accounts Payable 1953 Gallows Road Suite 220 Vienna, VA 22182 USA -Lisa Liedel -Roger Butler	CKM® Cryptographic Module (Software Version: 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/13/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode) -FIPS-approved algorithms: AES (Certs. #345 and #379); Triple-DES (Certs. #407 and #422); SHS (Certs. #420 and #450); HMAC (Certs. #149 and #167); RNG (Certs. #165 and #181); RSA (Certs. #116 and #131); DSA (Certs. #155, #163, and #165) -Other algorithms: DES; Twofish; Blowfish; P-Squared; RSA Key Establishment (key wrapping; key establishment methodology provides between 69 bits and 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; HMAC-MD5; CKM Key Construction Multi-chip standalone "TecSec® IncorporatedÆs Constructive Key Management« (CKM®) Cryptographic Module (CKMCRYPTO_FIPS.DLL) (Software version 2.0.0.11) is a FIPS 140-2 Level 1 compliant, general purpose, software based cryptographic module running upon the Microsoft« Windows« Operating System (in single user mode)."
686	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Mel Snyder TEL: 919-462-1900 x208 FAX: 919-462-1933	SafeEnterprise™ Encryptor, Model 600 (Hardware Version: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10112-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-30013-00x, 904-10014-00x, 904-10014-00x, 904-10113-00x, 904-25005-00x, 904-25005-00x, 904-25005-00x; Firmware Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/11/2006; 04/09/2007; 04/26/2007; 12/07/2007; 03/07/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#262 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterprise™ Encryptor, Model 600 provides data privacy and access control for connections between vulnerable public and private networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in 155Mbps (OC-3), 622Mbps (OC-12), 1.0Gbps, and 2.4Gbps (OC-48) networks."
685	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
684	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
683	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2033P-000; Build Standards C & N; Firmware Version: 2.22.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006; 06/24/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
682	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Versions: 1.0.4.7, 1.0.4.15 and 1.0.4.24) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/26/2006; 04/26/2007; 04/30/2007; 06/21/2007; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLock, featured in the KanguruMicro Drive AES USB 2.0 Flash Drive, addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
681	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, and nCipher 800 PCI (Hardware Version: nC3033P-1K6, nC3033P-1K6N and nC3033P-800 Build Standard C; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
680	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI, nCipher 1600 PCI, and nCipher 1600 PCI for NetHSM (Hardware Version: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, Build Standard C; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
679	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Series II (Hardware Version: Models PC500 P/N 906-160001-01, PC530 P/N 906-162001-01, PC530J P/N 906-162002-01, PC530S P/N 906-162004-01, PC600 P/N 906-160002-01, PC700 P/N 906-161001-01, PC730 P/N 906-162005-01, PC730J P/N 906-162006-01, PC730S P/N 906-162008-01, PC800 P/N 906-161002-01; Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #372); AES (Certs. #299 and #300); Skipjack (Cert. #16); DSA (Cert. #142); ECDSA (Cert. #10); RSA (Cert. #88); SHS (Certs. #373 and #374); RNG (Cert. #126) -Other algorithms: MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); KEA Multi-chip standalone "The LYNKS Series II Hardware Security Module (HSM) supports the new "Suite B" algorithms, including elliptic curve cryptography with ECDSA signatures, AES, and the "SHA-2" algorithms. Available with either PCMCIA or USB interfaces."
678	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-8020S and LX-8040S Series Console Servers (Hardware Versions: B/L 350-6003 Rev: D, P/N 500-8722 Rev: A and B/L 350-6003 Rev: D, P/N 500-8724 Rev: A and B/L 350-6005 Rev: G, P/N 500-8732 Rev: A and B/L 350-6004 Rev: C, P/N 500-8730 Rev: A and B/L 350-6003 Rev: D, P/N 500-8723 Rev: B and B/L 350-6003 Rev: D, P/N 500-8725 Rev: B and B/L 350-6005 Rev: G, P/N 500-8733 Rev: A and B/L 350-6004 Rev: C, P/N 500-8731 Rev: A and B/L 350-6003 Rev: D, P/N 500-8726 Rev: A and B/L 350-6003 Rev: D, P/N 500-8728 Rev: A and B/L 350-6005 Rev: G, P/N 500-8736 Rev: A and B/L 350-6004 Rev: C, P/N 500-8734 Rev: A and B/L 350-6003 Rev: D, P/N 500-8727 Rev: B and B/L 350-6003 Rev: D, P/N 500-8729 Rev: B and B/L 350-6005 Rev: G, P/N 500-8737 Rev: A and B/L 350-6004 Rev: C, P/N 500-8735 Rev: A; Firmware Version: linuxito Version: 3.7.2 and ppciboot Version: 3.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #117); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 194-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 194-bits of encryption strength) Multi-chip standalone "The LX-8000S 20 and 40 port Dual AC and DC units with an optional internal modem add high-end NEBS console management to MRV's LX Series Console Servers. The Linux based system is tuned for optimal performance, security and reliability. The LX-8000S models are designed for telco and data center applications that demand high quality and reliability standards, dual power and NEBS Level-3 Certification."
677	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe TOP DM GX4 - FIPS with ActivIdentity Digital Identity Applet Suite v2 (Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GXP4-FIPS EI07, Applet Versions: ACA v2.6.1, PKI/GC v2.6.1, ASC library package v2.6.1; ACA v2.6.2, PKI/GC v2.6.2, ASC library package v2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/12/2006; 12/19/2006; 03/01/2007; 07/28/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.1 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2.1 standards."
676	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module (Hardware Version: Chassis:6506, 6509, 6506-E, 6509-E,7606,7609; Backplane chassis: Hardware Version 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Version 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); VPNSM Blade: Hardware Version 1.3; Firmware Version: 12.2(18)SXE2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #132 and 155); SHS (Cert. #117); HMAC (Cert. #33); RNG (Cert. #123) -Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 96-bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the VPN Services Module offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
675	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150, and nC4032P-10 Build Standard ER; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
674	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150 and nC4032P10 Build Standard ER; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
673	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1and 7301 with VAM2+ (Hardware Version: 7206VXR; NPE-G1 Version: 2.1, Board Version A0; VAM2+ Version: 1.0, Board Version: C0; 7301 Version: 5.0, Board Version: A0; Firmware Version: 12.3(11)T10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/15/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #173); Triple-DES (Cert. #275); SHS (Certs. #404 and #258); HMAC (Cert. #39); RNG (Certs. #150 and #83) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES; HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
672	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-2 and 2.22.34-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006; 06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
671	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-3 and 2.22.34-3) (When operated in FIPS mode and initialized to Overall 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006; 06/24/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
670	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006;04/29/2008; 06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
669	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006; 06/24/2008	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
668	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D (Hardware Version: HW P/N 77; Firmware Version: FW Version E303-063684 with PIV Applet Suite v1 (PIV Applet v1.08 or v1.09 and SSO Applet v1.08)) (PIV Card Application: Cert. #1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 07/27/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The PIV EP v1 is a fully validated PIV-II « End Point » smart card to answer HSPD12. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption and secure post issuance management. To increase flexibility and customization capabilities, the card supports all PIV optional data containers from SP800-73-1, plus additional non-PIV containers and keys configurable during manufacturing. A built-in Card Single Sign-On application allows multiple on card applications to share the same Card Holder Verification Method (Global PIN)."
667	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Clemens Heinrich TEL: +49-3303-525-619 FAX: +49-3303-525-609	Postal Revenector Canada (Hardware Version: 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0009.00/01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 06/26/2007	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #20); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Postal Revenector Canada is an embedded hardware module which provides security critical services for postage meters in the Canadian market. It is used to support new secure methods of applying postage."
666	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609	Revenector (Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 05/30/2006	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: RSA (Cert. # 109); SHS (Cert. #400) -Other algorithms: Multi-chip embedded "Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
665	Francotyp-Postalia Triftweg 21-26 16547 Birkenwerder Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49/3303/525/656 FAX: +49/3303/525/609	Postal Revenector (Hardware Version: P/N 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0006.00/03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #19); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
664	Zix Corporation 2711 N. Haskell Avenue Suite 2300 Dallas, TX 75204-2960 USA -Dena Bauckman TEL: 214-370-2008 FAX: 613-288-2456	S/MIME Gateway Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/26/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Linux Red Hat Enterprise 3 Operating System (in single user mode) -FIPS-approved algorithms: AES (Cert #321); Triple-DES (Cert #385); RSA (Cert #108); SHS (Cert #394); HMAC (Cert #127); RNG (Cert #145) -Other algorithms: DSA (non compliant); Diffie-Hellman (key agreement); Elliptic Curve (non compliant); MD2; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength) Multi-chip standalone "The S/MIME Gateway for ZixVPM® provides gateway-to-gateway email encryption using a FIPS 140-2 level 1 validated cryptographic module. The S/MIME Gateway for ZixVPM adheres to the standards set out in the Open Group S/MIME Gateway Profile and is interoperable with other certified S/MIME Gateway solutions. The approved cryptographic algorithms included in the module are: AES, Triple-DES, RSA, SHA-1, HMAC SHA-1, and FIPS 186-2 Appendix 3.1 RNG."
663	3e Technologies International, Inc. 9175 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-010F-A-2 Cryptomodule and 3e-010F-C-2 Cryptomodule (Software Version: 3e-010F-A-2 Version 2.0, Build 18; 3e-010F-C-2 Version 2.0, Build 15; and 3e-010F-C-2 Version 2.0, Build 15, Revision 1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/26/2006; 08/01/2006; 08/29/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional with SP4 and Microsoft Windows XP with SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #225, #287 and #288); Triple-DES (Cert. #316); RNG (Cert. #67); CCM (Certs. #5 and #6); HMAC (Cert. #32); SHS (Cert. #306); RSA (Cert. #112) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The 3e-010F-A-2 and 3e-010F-C-2 Crypto Clients provide standard 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features, providing a high level of security for wireless environments. In FIPS 140-2 mode (highly secure), encryption can be set for None, Static AES, Static 3DES, Dynamic Key Exchange and WPA2 Enterprise and Personal (AES-CCM). In non-FIPS mode, one can select None, Static AES, Static 3DES, Dynamic Key Exchange, Static WEP, WPA-Enterprise and Personal (TKIP or AES-CCM) and WPA2-Enterprise and Personal (TKIP or AES-CCM)."
662	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 FAX: 813-288-7389	AirFortress ® AF1100 Wireless Cryptographic Module (Hardware Version: AF-1100; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006	Overall Level: 2  -FIPS-approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant) Multi-chip standalone "The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression."
661	International Business Machines (IBM) 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM eServer Cryptographic Coprocessor Security Module (Hardware Version: P/Ns 12R6536, 12R8241, 12R8561, 41U0438, Model 4764-001; Firmware Versions: 2096a16d and c16f4102) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006; 06/14/2006; 04/30/2007; 09/25/2007	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #103); Triple-DES (Cert. #215); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132) -Other algorithms: DES (Cert. #237); MD5, RSA (ISO 9796, non-compliant) Multi-chip embedded "The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptographic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in IBM eServer zSeries and iSeries servers; and for use in IBM eServer xSeries."
660	Authenex, Inc. 1489 Salmon Way Hayward, CA 94544 USA -Harry Lee TEL: 510-324-0230 x114 FAX: 510-324-0251	Authenex A-Key (Hardware Version: P/N AKEY2T0-01, Version 2.0.0; Firmware Version: 3.6.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #84); AES (Cert. #294); SHS (Cert. #367); RNG (Cert. #119) -Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Authenex A-Key provides two factor strong authentication for the mobile user, with an embedded suite of applications."
659	Neopost Technologies 113 rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	C20ND-C21ND Secure Metering Module (Hardware Version: 4124558P Version B; Firmware Versions: 30.20 and 30.24) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006; 10/03/2006; 12/19/2006	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA (Cert. #61); ECDSA (Cert. #16); HMAC (Cert. #122); Triple-DES (Cert. #119); SHS (Cert. #391); RNG (Cert. #141) -Other algorithms: Multi-chip embedded "The C20ND module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes with ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
658	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With IPSec VPN SPA (Hardware Versions: 6506, 6509, 6506-E, 6509-E, 7606, 7609; Backplane chassis: Hardware Versions 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); IPSec VPN SPA: Hardware Version 1.0; Firmware Version: 12.2(18)SXE2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/20/2006; 05/16/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #258 and #298); SHS (Certs. #285 and #422); HMAC (Certs. #15 and #153); RNG (Cert. #123); AES (Certs. #156 and #209) -Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
657	Tutarus Corporation 6767 Old Madison Pike Suite 292 Huntsville, AL USA -Ray Clayton TEL: 256-922-1555	TRAKRON (Software Version: 2.2) Validated to FIPS 140-2 Security Policy Certificate	Software	04/13/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode) -FIPS-approved algorithms: AES (Cert. #313); SHS (Cert. #383); RSA (Cert. #99); RNG (Cert. #133) -Other algorithms: N/A Multi-chip standalone "The TRAKRON module is a software module packaged as a Dynamic-link Library (DLL) on Windows. The library can be used on Microsoft Windows NT, 2000, and XP operating systems. The TRAKRON module provides high-level encryption for Tutarusªs security products."
656	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	PIX 515 and PIX 515E (Hardware Versions: 515 and 515E; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2006; 03/20/2007	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124); RSA (Certs. #105 and #107); DSA (Certs. #150 and #152) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-todeploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
655	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	ASA 5510, ASA 5520 and ASA 5540 (Hardware Versions: 5510, 5520, and 5540; Firmware Version: 7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #217 and #384); AES (Certs. #105 and #320); RNG (Certs. #143 and #144); SHS (Certs. #196 and #393); HMAC (Certs. #124 and #125); RSA (Certs. #105 and #106); DSA (Certs. #150 and #151) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
654	Tutarus Corporation 6767 Old Madison Pike Suite 292 Huntsville, AL USA -Ronn Cochran TEL: 256-922-1555	SRKCRYPTO (Software Version: 3.4.1) Validated to FIPS 140-2 Security Policy Certificate	Software	04/06/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode) -FIPS-approved algorithms: AES (Cert. #314); SHS (Cert. #384); RSA (Cert. #100); RNG (Cert. #134) -Other algorithms: N/A Multi-chip standalone "SRKCRYPTO is a digital data encryption library that provides encryption services for Tutarus products. SRKCRYPTO is a unique encryption engine in that it generates a new random key each time data needs to be encrypted. This provides a higher level of security required for the most sensitive data protection."
653	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A; Firmware Versions: 3.1 and 3.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 08/16/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
652	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA TEL: 800-NCIPHER FAX: 781-994-4001	nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3]; Build Standards M & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 06/29/2006; 12/20/2006; 06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
651	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA TEL: 800-NCIPHER FAX: 781-994-4001	nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30; Build Standards M & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/06/2006; 06/29/2006; 12/20/2006; 06/24/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
650	Ian Donnelly Systems, Inc. 17752 Preston Road Dallas, TX 75252 USA -Ian B. Donnelly TEL: 888-980-8887 FAX: 972-380-8866	KEY-UP (Hardware Version: P/N KEY-UP Version II-A; Firmware Version: 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #361); Triple-DES MAC (Cert. #361; vendor affirmed); SHS (Cert. #359); RNG (Cert. #127) -Other algorithms: DES; DUKPT Multi-chip standalone "KEY-UP V5.0 security encryption devices for electronic funds transfer applications utilize the latest security specifications mandated by the American National Standard Institute (ANSI) while offering significant performance improvements and lower cost per transaction."
649	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Douglas TEL: 571-334-4300	Aruba 800, 5000 and 6000™ Mobility Controller with ArubaOS FIPS Software (Hardware Versions: (Aruba 800) HW-800-CHAS-SPOE-SX, HW-800-CHAS-SPOE-T; (Aruba 5000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; (Aruba 6000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-256-C2 (3300027 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; Software Versions: A800_2.4.1.0-FIPS, A800_2.4.8.2-FIPS, A800_2.4.8.3-FIPS, A800_2.4.8.8-FIPS, A800_2.4.8.9-FIPS, A800_2.4.8.10-FIPS, A800_2.4.8.11-FIPS, A800_2.4.8.12-FIPS, A800_2.4.8.14-FIPS, A800_2.4.8.15-FIPS, A5000_2.4.1.0-FIPS, A5000_2.4.8.2-FIPS, A5000_2.4.8.3-FIPS, A5000_2.4.8.8-FIPS, A5000_2.4.8.9-FIPS, A5000_2.4.8.10-FIPS, A5000_2.4.8.11-FIPS, A5000_2.4.8.12-FIPS, A5000_2.4.8.14-FIPS and A5000_2.4.8.15-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006; 08/10/2006; 03/01/2007; 04/30/2007; 06/21/2007; 08/31/2007; 10/12/2007; 10/22/2007; 04/04/2008; 05/09/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #315 and #159); Triple-DES (Certs. #382 and #261); SHS (Certs. #386 and #244); HMAC (Certs. #116 and #118); RNG (Cert. #135); RSA (Certs. #101 and #102); CCM (Cert. #4) -Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
648	3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064 USA -Victoria Van Spyk TEL: 408-326-8581	3Com Embedded Firewall PCI Cards (Hardware Versions: 03-0229-501 and 03-0347-501; Firmware Version: Runtime: 03.101.015, Diagnostic: 03.101.015, Sleep: 03.101.015) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #212); RNG (Cert. #139); SHS (Certs. #188 and #189); HMAC (Certs. #120 and #130) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Offers hardware embedded encryption and authentication and Fast Ethernet Connectivity for fiber and copper cabled lan."
647	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	ActivIdentity Digital Identity Applet Suite V2 on Gemalto SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2) (Hardware Versions: P/Ns A1002057, A1002631 and A1006577, Hardmask 1v3; Firmware Versions: V2.3.0c suite: ACA applet package version 2.3.0c, PKI/GC applet package version 2.3.0c, ASC library package version 2.3.0c; V2.6.1 suite: ACA applet package version 2.6.1, PKI/GC applet package version 2.6.1, ASC library package version 2.6.1; V2.6.2 suite: ACA applet package version 2.6.2, PKI/GC applet package version 2.6.2, ASC library package version 2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2006; 05/26/2006; 08/29/2006; 07/28/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64) -Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed) Single-chip "This product can be configured to use with suite V2.3.0c for GSC-IS v2.1 support, and with suite V2.6.1 for both GSC-IS v2.1 support and SP800-73 Transitional Card Edge support (for HSPD12/PIV)."
646	PostX Corporation 3 Results Way Cupertino, CA 95014-5924 USA -Robert Olson TEL: 408-861-3513	PostX FIPS Cryptography Kernel (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "The PostX Messaging Application Platform is a trusted email solution that is an enterprise-class platform for encrypting ad hoc emails internal and external to the customer's network. As a compliance and enterprise solution, PostX MAP provides companies the options of deployment, when and how to encrypt, and policy enforcement from 100% on the desktop, 100% at the gateway, or any combination of gateway and desktop. The PostX FIPS Cryptography Kernel is the software module that provides the basic cryptographic functionality for the Messaging Application Platform."
645	SafeNet, Inc. 8029 Corporate Drive Baltimore, MD 21236 USA -Joel Rieger TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version: 3.21.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Solaris 8 2/02 on Sun Blade 2000 -FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403) -Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
644	SafeNet, Inc. 8029 Corporate Drive Baltimore, MD 21236 USA -Joel Rieger TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version: 3.21.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2006	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Linux 2.4.18-3 and Solaris 8.2/02 -FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403) -Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
643	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet Enterprise ATM Encryptor II, Model 600 (Hardware Versions: 901-11001-00x, 901-27001-00x, 901-37001-00x, 901-77001-00x, 901-41001-00x, 901-61001-00x, 901-51001-00x, 901-81001-00x; Firmware Version: 3.0) (Note: Refer to the cryptographic module’s security policy for the details on the letter x designation) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #268, #269 and #270); AES (Certs. #166, #167 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM ATM Encryptor II provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in ATM T1, E1, T3, E3, OC-3c and OC-12c networks."
642	Open Source Software Institute Administrative Office P.O. Box 547 Oxford, MS 38655 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Source Content Version: OpenSSLfips1.0.tar.gz; Resultant Compiled Software Version: 1.0) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Not Available Security Policy Certificate	Software	03/22/2006; 03/29/2006; 06/21/2006	Overall Level: 1  -Operational Environment: Tested as meeting Leve 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) -FIPS-approved algorithms: Triple-DES (Cert. #256); AES (Cert. #146); DSA (Cert. #108); SHS (Certs. #235 and #360); HMAC-SHA-1 (Cert. #95); RSA (Cert. #78); RNG (Cert. #111) -Other algorithms: DES ((Cert. #258); Diffie-Hellman (key agreement, key establishment methodology provides between 80-bits and 256-bits of encryption strength) Multi-chip standalone
641	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust TruePass™ Applet Cryptographic Module (Software Version: 8.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/22/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4 and Windows XP SP2 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1; and Netscape Navigator Browser 7.0, (Certs. #7, #45, #47) or Microsoft Internet Explorer 6.0 SP1, (Certs. #76, #103); (operated in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #377); SHS (Cert. #379); RNG (Cert. #129); RSA (Cert. #91) -Other algorithms: CAST 128; RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Entrust TruePass Applet Cryptographic Module 8.0 performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
640	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-525A-3 and 3e-525V-3 AirGuard™ Wireless Access Point (Hardware Versions: 3e525A-3: HW V1.0(A), HW V1.0(B), HW V1.0(C), HW V1.0(D), and HW V1.0(E); 3e-525V-3: HW V1.0(E)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006; 08/01/2006; 02/12/2007; 04/26/2007	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. 238); HMAC (Cert. #13); SHA-1 (Cert. #278); RNG (Cert. #22); CCM (Cert. #1) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The AirGuardTM model 525A-3 and model 525V-3 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3 incorporates an extra video module to provide capability for remote video surveillance and camera control."
639	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivIdentity Digital Identity Applet Suite v1/v2 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Versions E302, E303-063683, E303-063684, E303-063792; Firmware Versions: ActivIdentity Applet Suite V1.1.6: ID applet v1.0.0.23, PKI applet v1.0.0.29, GC applet v1.0.0.27, SKI applet v1.0.0.16; ActivIdentity Applet Suite V1.1.6p: ID applet v1.0.0.25, PKI applet v1.0.0.32, GC applet v1.0.0.29, SKI applet v1.0.0.18; ActivIdentity Applet Suite V2.6.1: ACA applet v2.6.1, PKI/GC applet v2.6.1, ASC library v2.6.1; ActivIdentity Applet Suite V2.6.2: ACA applet v2.6.2, PKI/GC applet v2.6.2, ASC library v2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/22/2006; 05/26/2006; 08/29/2006; 10/03/2006; 07/24/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 : -Physical Security: Level 3: -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v1.1.6 for enterprise deployment or with v2.6.1for the support of GSC-IS v2.1 and NIST SP800-73 Transitional Card Edge (for HSPD-12/PIV)."
638	Secure Computing Corporation 2340 Energy Park Drive St. Paul, MN 55108 USA -Chuck Monroe TEL: 651-628-2799 FAX: 651-628-2701	Cryptographic Module for SecureOS® (Software Version: 9.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SecureOS® V6.1 by Secure Computing Corporation -FIPS-approved algorithms: Triple-DES (Cert. #368); AES (Cert. #295); DSA (Cert. #141); SHS (Cert. #368); HMAC (Cert. #106); RSA (Cert. #85); RNG (Cert. #120) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder G2® Security Appliance™ and Sidewinder G2 Enterprise Manager(tm). Sidewinder G2 is a line of comprehensive unified threat management (UTM) security appliances consolidating a variety of Internet security functions including Application Defenses™ firewall, anti-virus, anti-spam, traffic anomaly detection, IDS/IPS, and more. It is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
637	D'Crypt Private Limited 20 Ayer Rajah Crescent #08-08 Technopreneur Centre Singapore, 139964 Singapore -Quek Gim Chye TEL: (65) 6776-9210 FAX: (65) 6873-0796	d'Cryptor ZE Cryptographic Module (Hardware Versions: P/N DC-ZEN2-30 v3.0, DC-ZEN4-30 v3.0; Firmware Versions: Kernel v3.0, LFM v1.0, AFM v1.0 (builds 1124783674, 1124783679) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #298); Triple-DES (Cert. #371); SHS (Cert. #372); RSA (Cert. #90); HMAC (Cert. #108); RNG (Cert. #125) -Other algorithms: DES (Cert. #328) Multi-chip embedded "d'Cryptor ZE is a micro-token targeted at high security embedded applications. Central to the next generation d'Cryptor products, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
636	Renesas Technology Corporation 450 Holger Way San Jose, CA 95134-1368 USA -Victor Tsai TEL: 408-382-7735 FAX: 408-382-7490	Aspects Software OS755 for Renesas XMobile Card Module (Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/14/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #327); Triple-DES MAC (Cert. #327; vendor affirmed); RNG (Cert. #75); RSA (Cert. #57); SHS (Cert. #315) -Other algorithms: DES (Cert. #305); DES MAC (Cert. #305; vendor affirmed); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant) Single-chip "Aspects OS755 for Renesas XMobile Card Module is the combination of a Java Card compliant Operating System that implements FIPS Approved cryptographic functions and a secure Single Chip Silicon hardware. This module is a flexible platform capable of post-issuance customization and updates, and that offers Java Card 2.1.1 technology and GlobalPlatform 2.1 services in addition to a range of FIPS Approved on-board random-number generator, hardware accelerated Triple-DES and RSA algorithms, especially designed for the XMobile Card."
635	TLC-Chamonix, LLC 120 Village Square Suite 11 Orinda, CA 94563 USA -Phil Smith TEL: 877-479-4500 FAX: 877-639-3470	WirelessWall Client (Software Version: 3.3) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006; 05/20/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode), Windows 2000 SP4 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #301); AES (Cert. #211); SHS (Cert. #288); HMAC (Cert. #18); RSA (Cert. #41); RNG (Cert. #55) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5 Multi-chip standalone "The Cranite WirelessWall Client enables laptop, desktop, and handheld computer users to securely connect to WirelessWall-protected networks. The Client authenticates users, encrypts wireless network traffic, and blocks malicious attacks. Additionally, the Client optionally seamlessly roam from subnet to subnet without re-authenticating. The Client optionally integrates with the Windows logon, providing secure single signon functionality. Cranite's WirelessWall Client is simple to use and is validated to the government's rigorous FIPS-2 security standard."
634	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 (Firmware Version: NG with Application Intelligence R54) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/03/2006; 05/02/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 - Tested: Dell Optiplex GX-1 running Secure Platform Operating System version NG with Application Intelligence R54 -FIPS-approved algorithms: Triple-DES (Cert. #333); AES (Cert. #88); SHS (Cert. #325); HMAC (Cert. #56); RSA (Cert. #63); RNG (Cert. #30) -Other algorithms: DES (Cert. #311); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 97 bits of encryption strength); RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NG with Application Intelligence R54 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
633	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3251 Mobile Access Router Card (Hardware Version: 3.2; Firmware Version: 12.3(14)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2006; 12/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant) Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
632	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3220 Mobile Access Router Card (Hardware Version: 3.2; Firmware Version: 12.3(14)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2006; 12/06/2006	Overall Level: 1  -Cryptographic Module Specification: Level 2 -Cryptographic Module Ports and Interfaces: Level 2 -Roles, Services, and Authentication: Level 2 -Finite State Model: Level 2 -Cryptographic Key Management: Level 2 -EMI/EMC Level 2 -Self-Tests: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant) Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
631	Good Technology, Inc. 4250 Burton Drive Santa Clara, CA 95054 USA -Daphne Won TEL: 408-327-6227	FIPSCrypto on Windows Mobile (Software Version: 4.7.0.50906) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 Operating System -FIPS-approved algorithms: AES (Cert. #134); Triple-DES (Cert. #240); SHS (Cert. #217); HMAC (Cert. #126) -Other algorithms: Multi-chip standalone "The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
630	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/03/2006; 05/08/2007; 03/07/2008; 07/28/2008; 08/21/2008	Overall Level: 1  -Cryptographic Module Specification:Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with MAC OSX 10.4.2; Windows XP SP2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #379); AES (Cert. 308); DSA (Cert. #144); SHS (Cert. #381); HMAC (Cert. #114); RSA (Cert. #97); RNG (Cert. #131) -Other algorithms: CAST-5; IDEA; Two-Fish; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal Encrypt/Decrypt (key wrapping; key establishment methodology provides between 112 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 to 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP WDE, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
629	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper NetScreen-5GT (Hardware Version: P/N NS-5GT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.t and 5.0.0r9b.t) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/07/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #239); Triple-DES (Cert. #329); DSA (Cert. #125); SHS (Cert. #286); RSA (Cert. #59); HMAC (Cert. #16); RNG (Cert. #58) -Other algorithms: DES (Cert. #307); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates multiple security functions - Stateful and Deep Inspection firewall, IPSec VPN, denial of service protection, antivirus and Web filtering. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security. The NetScreen-5GT Ethernet is available with five Ethernet interfaces that can be deployed in a wide variety of configurations."
628	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondLink/CL100 (Hardware Versions: P/Ns 5010D26200-4 Rev. C, 5010D26200-4 Rev. D, 5010D26200-5 Rev. D and 5010D26200-5 Rev. E; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondLink is a managed secure network appliance that features DiamondTEK's self protecting security computer. DiamondLink automatically identifies and authenticates the user to the network, encrypts communications and determines which data and servers the user is authorized to access. Security functions include token based user I&A, firewall filtering, IPSec, Data Driven Access Control (DDAC) capabilities and centralize management using the DiamondTEK DiamondCentral."
627	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondVPN/CV100 (Hardware Versions: P/Ns 5010D27450 Rev. D and 5010D27450 Rev. F; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondVPN is a rack-mounted network security appliance that can be installed to enforce a single security policy for a workgroup or department operating on your enterprise network. The DiamondVPN can also be deployed at the edge of a corporate LAN for outbound communications security and control of access to the LAN. The DiamondVPN supports secure pass-through to devices protected by other DiamondTEK products. This allows full-path, end-to-end security in combination with conventional site-to-site and remote-to-site tunneled communications."
626	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	DiamondPak/CP106 (Hardware Versions: P/Ns 5010D27630 Rev. C and 5010D27630 Rev. D; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/27/2006	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "DiamondPak is a rack-mounted network appliance designed for protecting multiple servers, each having DiamondTEK's self-protecting security computer with a single security profile. With DiamondPak's advanced access-control system for protecting critical backend systems, DiamondPak provides the same security protection that is used for our governement's most sensitive information."
625	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 1750, 2700 and 5000 with VPN Router Security Accelerator (Hardware Versions: 1750, 2700 and 5000 with DM0011085; Firmware Version: 5.05_150) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 02/12/2007; 06/21/2007	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #158 and #367); AES (Certs. #48 and #292); SHS (Certs. #143 and #366); HMAC (Certs. #102 and #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
624	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 1700, 1750, 2700 and 5000 with Hardware Accelerator (Hardware Versions: 1700, 1750, 2700 and 5000 with DM0011052; Firmware Version: 5.05_150) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 04/26/2007; 06/21/2007	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #367); AES (Cert. #292); SHS (Certs. #51 and #366); HMAC (Certs. #101 and #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
623	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -David Norton TEL: 978-288-7079 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	VPN Router 600, 1700, 1750, 2700 and 5000 (Hardware Versions: 600, 1700, 1750, 2700 and 5000; Firmware Version: 5.05_150) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/24/2006; 05/16/2006; 04/26/2007; 06/21/2007	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #367); AES (Cert. 292); SHS (Cert. #366); HMAC (Cert. #103); RSA (Cert. #83); RNG (Cert. #116) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
622	Lexmark International, Inc. 740 West Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000	Lexmark PrintCryption (Firmware Version: 1.3.0) Validated to FIPS 140-2 Security Policy Certificate	Firmware	01/19/2006; 12/13/2006; 01/04/2007	Overall Level: 1  -Tested: T630, T632, T634, T640, T642, T644, C534, C760, C762, C912, C920, W820, W840, Lexmark ver. 2.4 O/S -FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360 and #470); AES (Certs. #273, #274, #275, #276, #277 and #452); RSA (Certs. #73, #74, #75, #76, #77 and #171); SHS (Certs. #350, #351, #352, #353, #354 and #515); HMAC (Certs. #89, #90, #91, #92, #93 and #215); RNG (Certs. #100, #101, #102, #103, #104 and #237) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Lexmark PrintCryption Card is an option for the Lexmark series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
621	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Rose Quijano-Nguyen TEL: 408-473-1313 FAX: 408-473-1307 -Chris Winter TEL: 408-473-1393 FAX: 408-473-1307	CryptoStor Tape 702 and 704 (Hardware Versions: FC702 - P/N 820-0004-01 Rev 2 and FC704 - P/N 820-0005-01 Rev 1; Firmware Version: 2.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/19/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and #183); SHS (Certs. #258 and #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Certs. #35 and #83) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a readily deployable, high-speed tape security appliance that compresses, encrypts and digitally signs data as it goes to tape media or virtual tape--without disrupting backup processes. CryptoStor dynamically intercepts backup/restore communications between hosts and tape libraries-centrally managing and fully off-loading tape media security functions. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery with the appliance or with a software-only utility."
620	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM- VPN/EPII-Plus (Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219, #181 and #100); Triple-DES (Certs. #311, #283 and #213); SHS (Certs. #300, #267 and #401); HMAC (Certs. #29, #27 and #38); RNG (Cert. #31) -Other algorithms: DES (Certs. #292, #275 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
619	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus (Hardware Version: 2851; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219, #96 and #100); Triple-DES (Certs. #311, #210 and 213); SHS (Certs. #300, #317 and #401); HMAC (Certs. #84, #50 and #38); RNG (Cert. #97) -Other algorithms: DES (Certs. #292, #233 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
618	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 Integrated Services Router with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Router with AIM-VPN/HPII-Plus (Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #210, #213 and #311); AES (Certs. #96, #100 and #219); RNG (Cert. #97); SHS (Certs. #300, #317 and #401); HMAC (Certs. #38, #50 and #84) -Other algorithms: DES (Certs. #233, #235 and #292); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 3800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
617	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Router with AIMVPN/ EPII-Plus (Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #100); Triple-DES (Certs. #311 and #213); SHS (Certs. #300 and #401); HMAC (Certs. #84 and #38); RNG (Cert. #97) -Other algorithms: DES (Certs. #292 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip Standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
616	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 and Cisco 2801 Integrated Services Router (Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31) -Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
615	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Donovan Deakin TEL: 206-217-7500 FAX: 206-217-7515	Reflection Security Component for Java (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/06/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Mac OS X 10.3.5 and Apple Java Runtime Environment 1.4.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20) -Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength) Multi-chip Standalone "Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
614	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan Taiwan 326, Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HICOS PKI Smart Card (Hardware Version: HD65145C1; Software Version: GINA Applet: 1.0, PKI Applet: 1.0, FISC II Applet: 1.2; Firmware Version: HardMask: 1.0, SoftMask: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/06/2006	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #72); Triple-DES (Cert. #355); SHS (Cert. #357); RNG (Cert. #107); AES (Cert. #272); HMAC (Cert. #87); Triple-DES MAC (Cert. #355, vendor affirmed) -Other algorithms: Single-chip "The HICOS PKI smart card module is a single chip implementation of a cryptographic module. The HICOS PKI smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
613	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #96); Triple-DES (Certs. #311 and #210); SHS (Certs. #300 and #317); HMAC (Certs. #84 and #50); RNG (Cert. #97) -Other algorithms: DES (Certs. #292 and #233); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
612	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Router (Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31) -Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
611	Litronic, Inc. 17861 Cartwright Irvine, CA 92614 USA -Cameron Durham TEL: 949-851-1085 FAX: 949-851-8588	jForté/HAT Cryptographic Module (Hardware Version: P/N 078-2010-02 Version J002; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #306); Triple-DES MAC (Cert. #306, vendor affirmed); SHS (Cert. #294); RSA (Cert. #46); RNG (Cert. #59); Skipjack (Cert. #15) -Other algorithms: DES (Cert. #289); DES MAC (Cert. #289, vendor affirmed) Single-chip "The high assurance jForté/HAT module is a multi-function, secure device, specifically engineered to provide expanded storage and accelerated processing of complex cryptographic functions. jForté/HAT also provides high data throughput via its dual I/O interface, supporting both ISO7816-3 and Full Speed USB. The module is available in several different packaging configurations - smart card module, 24-pin SOIC or bare die. Our patented smart card packaging provides access to both 7816-3 and USB interfaces so the same smart card will work in both standard readers, at 7816 speeds, and in high-speed USB readers and Full Speed USB."
610	Avaya, Inc. Atidim Technology Park Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G250 and G250-BRI Branch Office Media Gateways w/FIPS (Hardware Versions: 700356231 and 700356223 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #330); AES (Cert. #242); SHS (Cert. #320); HMAC (Cert. #60); RSA (Cert. #60); RNG (Cert. #77) -Other algorithms: DES (Cert. #308); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2 Multi-chip standalone "The Avaya G250 Branch Office Media Gateway w/FIPS and G250-BRI Branch Media Gateway w/FIPS are complete branch office business communications systems that integrate an IP telephony gateway, an advanced IP WAN router, and a PoE LAN switch into a compact (2U) chassis. Ideally suited for enterprise with distributed branch office locations of 2-10 extensions, the G250 and G250-BRI Gateways replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
609	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPfone (Hardware Versions: P/N Snapfone Versions E and F; Firmware Versions: 7.10.1 v_7101 and 7.10.1 v_7101p2p) Snapfone (Hardware Versions: P/N Snapfone Versions E and F, Firmware Versions: 7.10.1v 7101 and 7.10.1v-l101p2p) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/23/2005; 01/13/2006; 01/27/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #302); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "SNAPfone is a compact encryption termination unit capable of securing voice communications over analog telephone lines. SNAPfone performs high level encryption process with a new key draw for each session using Asymmetric Public Key Cryptography (1024 bit Diffie-Hellman) for key exchanging and Symmetric block cipher (192-bit 3DES) algorithm for session encryption. SNAPfone requires minimum user intervention with seamless operation." "The Snapfone is a plug-n-play encryption device for securing communications over regular analog (POTS) or fax lines. Snapfone is designed for compatibility among major telephone and PBX brands. It can also be deployed as a shared resource device when connected to a PBX. Its small footprint and 1101220v connectivity allows for easy transport and maximum flexibility. The cryptographic core engines are optimized for minimal voice latency providing superior voice quality. Snapfones can also be configured as a distributed secure voice network solution among groups and between multiple locations."
608	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/13/2005; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Linux 7.2; Red Hat Enterprise Linux AS3.0; Solaris 8 (Sun OS 5.8) Sparc V8; Solaris 8 (Sun OS 5.8) Sparc V8+; Solaris 8 (Sun OS 5.8) Sparc V9; Microsoft Windows Mobile 2003; Microsoft Windows XP SP2; IBM AIX 5L 5.3; HP-UX 11.23 Itanium 2; HP-UX 11.23 PA-RISC 2.0W; HP-UX 11.11 PA-RISC 2.0; VxWorks 5.4 PPC 604; VxWorks 5.5 PPC 603; VxWorks 5.5 PPC 604 -FIPS-approved algorithms: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert. #303); CCM (Cert. #7); SHS (Cert. #380); RSA (Cert. #96); RNG (Cert. #130); ECDSA (Cert. #11); HMAC (Cert. #113) -Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES; ECDRBG; RSA (key wrapping, key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement, key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 285 bits of encryption strength) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
607	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-204 and 208 (Hardware Version: P/N NS-204 and NS-208 Version 0110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. 118); DSA (Cert. #132); SHS (Cert. 103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
606	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5XT (Hardware Version: P/N NS-5XT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
605	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5400 (Hardware Version: P/N NS-5400 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); DSA (Cert. #132); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5400 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
604	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: P/N NS-500 Version 4110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32) -Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
603	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5200 (Hardware Version: P/N NS-5200 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/12/2005; 01/26/2006; 05/16/2006; 06/14/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Juniper Networks NetScreen-5200 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
602	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	JUNOS-FIPS (Firmware Versions: 7.2R1.7 and 7.4R1.7) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/12/2005; 05/16/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: Routing Engine RE 3.0, Routing Engine RE 4.0, Routing Engine 5.0, Routing Engine RE 5.0+ -FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344) -Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "JUNOS firmware is the first routing operating system designed specifically for the Internet. It runs on all Juniper Networks T-series, M-series, and Jseries routers, and is currently deployed in the largest and fastest growing networks worldwide. Its full suite of industrial strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. As well, JUNOS firmware supports the industry's first production-ready GMPLS implementation."
601	Avaya, Inc. Atidim Technology Park Bldg. 3 Tel Aviv, 61131 Israel -Pesah Spector TEL: 972-3-6459162 FAX: 972-3-6458462	G350 Branch Office Media Gateway w/FIPS (Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 24.16.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Certs. #171 and #251); SHS (Cert. #256); HMAC (Cert. #61); RSA (Cert. #17); RNG (Cert. #21) -Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2; DSA (non-compliant) Multi-chip standalone "The Avaya G350 Branch Office Media Gateway w/FIPS is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high-performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
600	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB4 4.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2005	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86) -Other algorithms: RSA (encrypt/decrypt); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
599	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/08/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 80 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 80-bits of encryption strength)) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Warp Drive (Software Version: 2.1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/01/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81) -Other algorithms: N/A Multi-chip standalone "Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
597	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 310-884-7900 FAX: 310-884-7904	ID-One Cosmo 32 v5 (Hardware Version: P/N 90; Firmware Version: E311-063842) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #303); Triple-DES MAC (Cert. #303, vendor affirmed); SHS (Cert. #290); RSA (Cert. #42); RNG (Cert. #99) -Other algorithms: DES (Cert. #286); DES MAC (Cert. #286, vendor affirmed); MD5 Single-chip "The ID-One Cosmo 32 v5 is a JavaCard cryptographic module specifically designed for identity and government market needs. It offers a full 32K Byte of EEPROM space available for customer discretionary use, together with on-card cryptographic services such as TDES (using double and triple length DES keys), and 2048-bit RSA with on-card key generation. The cryptographic module loads and runs applets written in Java programming language. It includes a native implementation of the latest Java Card TM (Version 2.2) and Open Platform (Version 2.1.1A) specifications, with full support for Delegated Management and DAP / Mandated DAP, that define a secure infrastructure for post-issuance programmable platforms. Additional features include On-Card fingerprint matching and Logical Channels."
596	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Router (Hardware Versions: 3825 and 3845; Firmware Version: 12.3(11)T03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs.#210 and #311); AES (Certs. #96 and #219); RNG (Cert. #97); SHS (Certs. #300 and #317); HMAC (Certs. #50 and #84) -Other algorithms: DES (Certs. #233 and #292); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. By integrating security functions directly into the router itself, Cisco can provide unique intelligent security solutions, such as network admissions control (NAC) for antivirus defense; Voice and Video Enabled VPN (V3PN) for quality-of-service (QoS) enforcement when combining voice, video, and VPN; and Dynamic Multipoint VPN (DMVPN) and Easy VPN."
595	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 03/06/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode) -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (ANSI X9.31, MD5, SHA1; non-compliant); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
594	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Mike French TEL: 847-435-5219	MCC7500 Secure Card Crypto Engine Cryptographic Module (Hardware Version: P/N CLN8131 Version B; Firmware Version: R02.00.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 06/14/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; ADP; DVI-SPFL; DVP-XL Multi-chip embedded "The MCC7500 Secure Card Crypto Engine Cryptographic Module is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
593	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.3.3, 3.8.3.5, 3.8.3.6 and 3.8.3.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	12/01/2005	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 7290 with BlackBerry OS Version 4.1 -FIPS-approved algorithms: Triple-DES (Cert. #366); AES (Cert. #291); SHS (Cert. #365); HMAC (Cert. #100); RSA (Cert. #82); RNG (Cert. #115); ECDSA (Cert. #9) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
592	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6 (Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/01/2005; 01/05/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
591	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x2921 FAX: 519-888-6906	BlackBerry Enterprise Server™ Cryptographic Kernel (Software Versions: 1.0.2.5, 1.0.2.7, 1.0.2.8, 1.0.2.9 and 1.0.2.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2005; 05/10/2007; 06/08/2007	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4 -FIPS-approved algorithms: Triple-DES (Cert. #364); AES (Cert. #289); SHS (Cert. #363); HMAC (Cert. #98); RNG (Cert. #114); ECDSA (Cert. #8) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic ryptographic functionality for the BlackBerry® Enterprise Server."
590	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J Software Module (Software Versions: 3.5 [1], 3.5.2 [2] and 3.5.3 [3]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/18/2005; 03/06/2006; 05/17/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with Java JRE 1.4.2. (in single user mode) -FIPS-approved algorithms: DSA (Cert. #139); Triple-DES (Cert. #353); AES (Cert. #270); SHS (Cert. #355); RSA (Certs. #70 [1] and #185 [2]); RNG (Cert. #105); HMAC (Cert. #85) -Other algorithms: DES (Cert. #325); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
589	Mobile Armor, LLC 400 South Woods Mill Rd. Chesterfield, MO 63017 USA -Bryan Glancey TEL: 636-449-0239 FAX: 314-205-2303 -Chand Vyas TEL: 636-449-0239 FAX: 314-205-2303	Mobile Armor Crypto Module (Software Version: 2.1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/18/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 and Red Hat Enterprise Linux 3.0 (in single user mode); Pocket PC 2003 -FIPS-approved algorithms: Triple-DES (Cert. #351); AES (Cert. #268); SHS (Cert. #348); RNG (Cert. #98); HMAC (Cert. #83) -Other algorithms: Multi-chip standalone "Mobile Armor's Cross platform implementation of Cryptographic Services for use in Enterprise Mobile Data Security products on the Linux, Windows XP, and Windows CE platform."
588	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-5000 Wireless Gateway (Hardware Versions: 870-500FF-002, 870-500FT-002, 870-500TF-002 and 870-500TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/18/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #254); Triple-DES (Certs. #335 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #329); HMAC (Certs. #12 and #63) -Other algorithms: DES (Cert. #313); Diffie-Hellman (key agreement); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-5000 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
587	Bluesocket, Inc. 10 North Avenue Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-2100 Wireless Gateway (Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002 and 870-212TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005; 12/08/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #76 and #253); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC (Certs. #11 and #12) -Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement, key establishment methodology provides 80-bits of encryption strength); RSA (PKCS#1, key wrapping, key establishment methodology provides 80-bits of encryption strength); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-2100 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
586	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware Versions: 023-5000-980, 023-5000-982, 023-5000-984 and 039-575-1200; Firmware Versions: 4.0, 4.1 and 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/03/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #217); SHS (Cert. #238); HMAC (Cert. #80); DSA (Cert. #110); RNG (Cert. #5) -Other algorithms: DES (Cert. #291); SecureNet DES 1 bit CFB with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms. These algorithms are used for data or voice communication and protection of SEM firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2 Level 1 security."
585	Bluefire Security Technologies 1040 Hull Street #101 Baltimore, MD 21230 USA -Phil Smith TEL: 410-637-8160 FAX: 410-637-8172	Bluefire Mobile Security™ FIPS Cryptographic Module (Software Version: 1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, PocketPC 2003 (single user mode) -FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7) -Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "The Bluefire Mobile Security™ FIPS Cryptographic Module is Bluefire Security Technologies' cryptographic library designed for securing mobile devices such as personal digital assistants (PDA’s) and Smart Phones based on the Microsoft Windows Mobile platform. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
584	Credant Technologies Corporation 15303 Dallas Parkway Suite 1420 Addison, TX 75001 USA -Chris Burchett TEL: 972-458-5407 FAX: 972-458-5454	Credant Cryptographic Kernel[1] and CmgCryptoLib[2] (Software Versions: 1.5[1] and 1.7[2]) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2005; 11/04/2005; 12/07/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Version 1.5 tested as meeting Level 1 with Palm OS 5.4.5. Version 1.7 tested as meeting Level 1 with Windows Mobile 5, Windows Mobile 6, Windows XP SP2 (single user mode), Windows Vista 32-bit (single user mode), and Symbian Series 60 -FIPS-approved algorithms: Triple-DES (Cert. #336); AES (Cert. #255); SHS (Cert. #330); HMAC (Cert. #65); RNG (Cert. #88) -Other algorithms: N/A Multi-chip standalone "CREDANT CmgCryptoLib (previosuly known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library that implements Triple-DES, AES, ANSI X9.31 RNG, SHA-1, and HMAC-SHA-1 algorithms for CREDANT Mobile Guardian (CMG). CMG provides centrally managed mobile data protection via strong authentication, Intelligent Encryption and usage controls with guaranteed data recovery for laptops, desktops, removable media, PDAs and smart phones."
583	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Rose Quijano-Nguyen TEL: 408-473-1313 -Chris Winter TEL: 408-473-1393	CryptoStor FC2002W SAN Security Appliance (Hardware Version: 820-0001-06 Rev2; Firmware Version: 2.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 11/07/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and 183); SHS (Cert. #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Cert. #35) -Other algorithms: N/A Multi-chip standalone "The NeoScale CryptoStor FC2002 appliance, is a Fibre Channel Storage Area Network (SAN) data security appliance that provides data flow control and encryption based on configured policy rules. Operating as a fully transparent, in-line storage appliance, the FC2002 inspects storage traffic and applies information flow controls and strong encryption to the data payload at gigabit rates. Storage data privacy policies are centrally managed, employing access and encryption rules which are easily modified to suit current and evolving storage infrastructures. Deep frame inspection allows access and encryption policies to be dynamically applied at wirespeed. True gigabit throughput with low latency and transparent operation ensures uninterrupted, scalable storage data protection."
582	Oceana Sensor Technologies, Inc. 1632 Corporate Landing Parkway Virginia Beach, VA 23454 USA -Alex Kalasinski TEL: 757-426-3678 FAX: 757-426-3633 -Don Kennamer TEL: 757-426-3678 FAX: 757-426-3633	Fortress Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.4.2 running on Windows 2000 Service Pack 4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #256); Triple-DES (Cert. #337); RSA (Cert. #65); SHS (Cert. #331); HMAC (Cert. #66); RNG (Cert. #89) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); Rijndael Multi-chip standalone "The Oceana Sensor Technologies Fortress Cryptographic LibraryTM (FCL) is a cryptographically secure interface to applications both internal and external to the OST product. It has many features and supports AES, Triple DES and RSA. It is entirely a software product."
581	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -David Aylesworth TEL: 813-288-7388 FAX: 813-288-7389	AirFortress™ Wireless Security Gateway (Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/27/2005; 04/26/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
580	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Simon Gerraty TEL: 408-745-2348 FAX: 408-745-8905	AS2-FIPS PIC (Hardware Versions: PB-AS2-FIPS, PE-AS2-FIPS, Rev. A and B; Software Versions: 7.2R1.7 and 7.4R1.7; Firmware Version: 560-011740 (Rev. 4.008)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005 12/02/2005; 01/27/2006; 06/14/2006; 12/19/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #69); Triple-DES (Certs. #341 and #350); SHS (Certs. #336 and #347); HMAC (Cert. #71); RNG (Cert. #93) -Other algorithms: MD5; DES (Cert. #324); RSA (key wrapping, key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The Adaptive Services (AS) Physical Interface Card (PIC) is a multi-chip embedded cryptographic module, which supports a new level of services integration and performance. The AS2-FIPS PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future. With high-speed NAT and stateful firewall, providers can protect their networks and simultaneously deploy network-based security and VPN solutions."
579	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio (Hardware Versions: RU101188V1, RU101188V21, RU101188V12, RU101188V22, RU101188V31, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V51, RU101219V61, RU101219V63, RU101219V41, RU101219V71 and RU101219V73; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #155) -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7150IP Scan Portable/M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
578	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Java Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005; 07/20/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1 and 1.4.2 running on Windows 2003 x86 (Binary compatible to Windows 98/2000/XP); Red Hat Linux Application Server 3.0 x86 (Binary compatible to AS 2.1); Solaris 2.9 32-bit SPARC; Solaris 2.9 64-bit SPARC -FIPS-approved algorithms: Triple-DES (Cert. #318); AES (Cert. #227); SHS (Cert. #307); HMAC (Cert. #37); RNG (Cert. #68); DSA (Cert. #128); ECDSA (Cert. #6); RSA (Cert. #54) -Other algorithms: DES (Cert. #298); ARC2; ARC4; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); EC MQV (key agreement); RSA (Cert. #52, key wrapping) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
577	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-9577	P7170IP System Portable Two-Way FM Radios (Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16) (When operated in FIPS mode) Revoked Security Policy Certificate	Hardware	10/25/2005; 08/16/2006; 10/22/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #155); -Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm) Multi-chip standalone "The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
576	PalmSource, Inc. 1188 East Arques Avenue Sunnyvale, CA 94085 USA -Laurent Sanchez TEL: 408-400-3000 FAX: 408-400-1510	Cryptographic Provider Module + FIPS Provider (Software Version: 5.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/25/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm Tungsten™ C running Palm OS version 5.2.1 -FIPS-approved algorithms: AES (Cert. #114); Triple-DES (Cert. #226); HMAC (Cert. #46); RNG (Cert. #63); SHS (Certs. #303 and #202) -Other algorithms: N/A Multi-chip standalone "The PalmSource Cryptographic Provider Module + FIPS Provider version 5.2.2 is a software library that implements cryptographic functions and is contained within a defined cryptographic boundary using the PalmOS version 5.2.1."
575	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/25/2005; 05/26/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine comman interface; Supports GSC-IS 2.1 data model; Can be configured for Level and Level 3 modes."
574	RedCannon Security 42808 Christy Street Suite #108 Fremont, CA 94538 USA -Kurt Lennartsson TEL: 510-498-4104 FAX: 510-498-4109 -Brian Wood TEL: 410-902-9779	RedCannon Cryptographic Module (Software Version: 1.3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional with Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #249); Triple-DES (Cert. #334); SHS (Cert. #327); HMAC (Cert. #58); RSA (Cert. #64); RNG (Cert. #87) -Other algorithms: DES (Cert. #312); TwoFish; BlowFish; Serpent; CAST; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 150-bits of encryption strength); RSA (key generation; non-compliant); RSA (PKCS#1; key transport; key establishment methodology provides 80-bits of encryption strength) Multi-chip standalone "The RedCannon Crypto Module provides cryptographic support for the RedCannon line of products. The crypto module is used to create, manage and delete cryptographic keys as well as to perform cryptographic operations. The crypto module can be used for multiple functions within the RedCannon applications. It provides a structured set of APIs, which can be called to perform these functions. This provides flexibility for the module and the ability to add new applications for the crypto module functions in the future without changing the module itself."
573	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB2 - 2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
572	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2) Cryptographic Module (Hardware Versions: P/N A1002057, A1002631 and A1006577; Firmware Version: Hardmask 1V3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/15/2005; 10/31/2005; 05/25/2006; 07/28/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64) -Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed); Single-chip "The Cyberflex Access 64K V2 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card is part of a range of Axalto highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
571	AirMagnet, Inc. 1325 Chesapeake Terrace Sunnyvale, CA 94089 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor AM-5010-11-AG and AM-5012-11AG (Hardware Versions: AM-5010-11-AG and AM-5012-11AG; Firmware Version: 5.2.0-2928) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/12/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #214); Triple-DES (Cert. #307); SHS (Cert. #295); RSA (Cert. #47); RNG (Cert. #60); HMAC (Cert. #23) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant); DES; RC2; IDEA Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
570	Thales e-Security Meadow View House, Crendon Industrial Estate, Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 1844 201800 FAX: +44 1844 202170	Secure Generic Sub-System (SGSS), Version 3.2 (Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/07/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
569	Funk Software, Inc. 222 Third Street Cambridge, MA 02142 USA -Steven Erickson TEL: 978-371-3980 x112 FAX: 978-371-3990	Odyssey Security Component and Odyssey Security Component/Portable (Software Version: 1.2) Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2005; 01/13/2006; 02/24/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP, Red Hat Linux 9.0 (single user mode) -FIPS-approved algorithms: AES (Certs. #245 and #246); Triple-DES (Certs. #331 and #332); SHS (Certs. #322 and #323); HMAC (Certs. #53 and #55); RSA (Certs. #61 and #62); DSA (Certs. #133 and #135); RNG (Certs. #79 and #84); CCM (Certs. #2 and #3) -Other algorithms: DES (Certs. #309 and #310); Diffie-Hellman (key agreement) Multi-chip standalone "The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms, while the portable (C) version can be used on a large variety of platforms."
568	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 525 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
567	Caymas Systems Inc. 1179-A N. McDowell Blvd. Petaluma, CA 94954 USA -Joe Howard TEL: 707-283-5000 FAX: 707-283-5001	Caymas Systems 318 Identity-Driven Access Gateway (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/30/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4 Multi-chip standalone "The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
566	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Donovan Deakin TEL: 206-217-7500 FAX: 206-217-7515	Reflection Security Component for Java (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/19/2005	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX 400 running Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; HP Proliant ML 330 running Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1 (configured in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20) -Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
565	Schweitzer Engineering Laboratories, Inc. 2545 NE Hopkins Court Pullman, WA 99163-5603 USA -David Whitehead TEL: 509-336-2417 FAX: 509-336-2406	SEL-3021 Serial Encrypting Transceiver (Hardware Version: P/N SEL-3021, Version 00004CA8; Firmware Version: SEL-3021-R105-V0-Z002001-D20050701) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #202); SHS (Cert. #279); HMAC (Cert. #14); RNG (Cert. #46) -Other algorithms: N/A Multi-chip standalone "The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks."
564	SkyTel Corp. 500 Clinton Center Drive Bldg. 2, Floor 4 Clinton, MS 39056 USA -Mike Sheffield TEL: 601-460-3627 FAX: 888-944-7396	SkyTel ST900 Secure 2Way (Hardware Version: P/N ST900, Version 2.0; Firmware Versions: 20050624 ver.f.2.9 and 20050705 ver.f.3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005; 10/13/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #261); RNG (Cert. #95); HMAC (Cert. #74); SHS (Cert. #341) -Other algorithms: Elliptic Curve Diffie-Hellman (key agreement) Multi-chip standalone "SkyTel ST900 Secure 2Way is a wireless product for agencies transmitting sensitive and critical communications. The device, an ST900 2Way pager, operates on narrowband PCS, recommended for reliability and superior inbuilding penetration. It is password-protected, with AES encryption and encryption key establishment based on ANSI X9.63."
563	Snapshield, Ltd. 1 Research Court Suite 450 Rockville, MD 20850 USA -Uri Naor TEL: 301-216-3805 FAX: 301-519-8001 -Rolando Rosas - Snap Defense Systems, LLC TEL: 703-766-6540 FAX: 703-766-6501	SNAPcell (Hardware Version: P/N Snapcell, Version 1.5; Firmware Versions: 5133 050322.2 SnapP2P.2 and 5133 050322.2 SnapP2MP.2) Snapcell (Hardware Version: P/N Snapcell-F, Version 1.5; Firmware Versions: SnapP2P.2 and SnapP2MP.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/19/2005 12/02/2005; 12/22/2005; 01/13/2006	Overall Level: 2  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #212); SHS (Cert. #289); RNG (Cert. #53) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "SNAPcell is a plug-in cellular accessory for Sony Ericsson handsets which enable secure end-to-end GSM communications. SNAPcell draws a new key for each session. SNAPcell requires minimum user intervention with seamless operation and due to the efficient implementation of the encryption algorithms it has minimum impact on the handset battery life. SNAPcell can be used across all four GSM frequency bands and the handset or the subscriber cannot be identifiable within the network. SNAPcell can be easily transferred from one device to another." "Snapcell is a high assurance, lightweight, micro-adapter that secures cellular communications, end-to-end on any GSM frequency (850/900/1800/1900). Snapcell is compatible with standard Sony-Ericsson (GSM) mobile phones. Snapcell is approved for exporting outside the USA. Snapcell is also available with an optional centralized enterprise manager gateway (CEMG) that provides a secure single-point of administration for networking up to several thousands of users over public and private networks. Snapcell is currently deployed by the U.S. Special Forces, U.S. Navy, Coalition partners and financial institutions in over 30 countries."
562	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677	Crypto++ Library (Software Version: 5.2.3) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/29/2005; 08/24/2005; 10/28/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional, Service Pack 1 (single user mode) -FIPS-approved algorithms: Skipjack (Cert. #14); Triple-DES (Cert. #309); AES (Cert. #216); SHS (Certs. #134 and #298); DSA (Cert. #79); RSA (Cert. #50); ECDSA (Cert. #5); HMAC (Cert. #26); RNG (Cert. #61); Triple-DES MAC (Cert. #309, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
561	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Bill Bialick TEL: 410-964-6400 FAX: 410-964-5154	LYNKS Privacy Card (Hardware Version 2.0; Firmware Version: 1.c) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/29/2005	Overall Level: 2  -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA Multi-chip standalone "The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
560	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Klorida Miraj TEL: 425-421-5229 -Katharine Holdsworth TEL: 425-706-7923	Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) (Software Versions: 5.01.01603 [1], 5.00.911762 [1], 5.04.17228 [2] and 5.05.19202 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2005 08/24/2005; 06/21/2006; 06/28/2006; 06/29/2006; 12/08/2006; 05/14/2007; 02/21/2008; 04/04/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 5.01, Windows CE 5.00, Windows Mobile 6.0 and Windows Mobile 6.1 -FIPS-approved algorithms: AES (Certs. #224 [1] and #507 [2]); Triple-DES (Certs. #315 [1] and #517 [2]); RSA (Certs. #52 [1] and #222 [2]); RNG (Certs. #66 [1] and #286 [2]); SHS (Certs. #305 [1] and #578 [2]); HMAC (Certs. #31 [1] and #260 [2]) -Other algorithms: DES (Cert. #296 [1]); MD5; HMACMD5; RC2; RC4; DES [2] Multi-chip standalone "Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of generalpurpose cryptography."
559	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004 -David Passamonte TEL: 978-288-8973 FAX: 978-288-4004	Contivity® VPN Client (Software Version: 5.11_021) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/25/2005; 08/24/2005; 08/29/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional Service Pack 2 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #218); Triple-DES (Cert. #310); SHS (Cert. #299); HMAC (Cert. #28); RNG (Cert. #62) -Other algorithms: Diffie-Hellman (key agreement); DES; 40-bit DES; MD5; ECDH (key agreement); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
558	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5 (Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/25/2005; 05/26/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine command interface; Supports GSC-IS 2.1 data model."
557	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series iBridge and Telkonet G3 Series eXtender (Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/25/2005; 04/04/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
556	JP Mobile, Inc. 12000 Ford Road Suite 400 Dallas, TX 75234 USA -Kishore Kankipati TEL: 972-277-8340 FAX: 972-484-4154	SureWave Mobile Defense Security Kernel (Software Version: 5.0.050107) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/07/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft PocketPC 2003 Premium -FIPS-approved algorithms: AES (Cert. #221); SHS (Cert. #302); Triple-DES (Cert. #313); Triple-DES MAC (Cert. #313, vendor affirmed); RNG (Cert. #65) -Other algorithms: DES (Cert. #294); Blowfish; MD5 Multi-chip standalone "The SureWave Mobile Defense Security Kernel controls the cryptographic functions of various versions of the SureWave Mobile Defense 4.0 software for Palm, Pocket PC, and Symbian OS enabled devices. Although the same kernel is used in all versions of PDA Defense 4.0, it has only been tested and validated for use on the Pocket PC 2003 Premium."
555	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Hui Chen TEL: 510-936-4839	Sun Cryptographic Accelerator 4000 (Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber), 501-6039-05 and 501-6039-06 (UTP/Copper); Firmware Versions: 2.0 and 2.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2005; 07/28/2005; 09/16/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHS (Certs. #171 and #172); HMAC (Certs. #34 and #88); DSA (Cert. #92); RNG (Cert. #108); RSA (Cert. #95) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software."
554	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Versions: DS1955B PB3 - 3.02 and DS1955B PB5 - 5.00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/29/2005; 10/18/2005; 03/29/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #185, vendor affirmed); RNG (Cert. #86) -Other algorithms: DES (Cert. #222); HMAC (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the Canada Post Corporations Digital Indicia Standard. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digitial metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
553	Telkonet Communications, Inc. 20374 Seneca Meadows Pkwy Germantown, MD 20876-7004 USA -Jill Parlett TEL: 410-627-3994 FAX: 240-912-1839	Telkonet G3 Series Gateway (Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2005; 07/07/2005; 03/29/2006; 08/29/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #223) -Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
552	Gemplus Corp. Avenue du Pic de Bretagne BP 100 Gemenos Cedex, 13881 France -Anthony Vella TEL: +33 (0) 4 42 36 61 38	GemXpresso Pro R3 E64 PK - FIPS with DAL C3 Applet Suite (Hardware Version: GP92; Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applets: Access Control Applet Version 1.0 and GSC Service Applet Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/20/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #95); SHS (Cert. #82); RSA (Cert. #33); Triple-DES MAC (Cert. #95, vendor affirmed); RNG (Cert. #44) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed); Single-chip "This module is based on a Gemplus Open OS Smart Card with a large 64K EEPROM memory, and on a cryptographic applet suite developed by Dreifus Associates LTD. Inc. The SmartCard platform has on board Triple DES and RSA algorithms and provides on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.1.1, Global Platform 2.0.1', and GSC-IS v2.1 standards-Card Edge Interface for VM cards, and is very well suited for US Government and Federal projects."
551	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N94i/155 SMM (Hardware Version: 3000186T A; Firmware Versions: 3800157W Version L4 (SH1), 3800159Y Version F (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2005; 10/03/2006	Overall Level: 3  -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (vendor affirmed) -Other algorithms: Multi-chip embedded "The N94i/155 module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet printhead, the module is capable of producing up to 110 envelopes per minute."
550	Priva Technologies, Inc. 1054 S. De Anza Blvd. Suite 201 San Jose, CA 95129 USA -William Sibert TEL: 312-560-5317 FAX: 208-330-3470	Priva Technologies Cleared IC (Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #299) -Other algorithms: Single-chip "This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
549	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Chrisophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Version: E303-063792) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 08/16/2006; 04/30/2007	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROm space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional feature include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
548	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N 77; Firmware Versions: E303-063683 and E303-063684) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/09/2005; 09/23/2005; 05/16/2006; 08/16/2006; 04/30/2007; 10/15/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed) Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On- Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
547	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Dennis Crowe TEL: 203-924-3500 FAX: 203-924-3352	Compliant Meter Postal Security Device (CoMet PSD) (Hardware Versions: US: 1A00ABA Revision A and 1A0TAAA Revision A; German: 1A51AAA Revision B; Canada: 1AECABA Revision A and 1ACTAAA.) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 02/24/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); HMAC-SHA-1 (Cert. #86, vendor affirmed); Skipjack (Cert. #6); ECDSA (ANSI X9.62, vendor affirmed); RNG (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, key wrapping) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Canada Post Corporations Digital Indicia Standard, and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
546	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen 204 and 208 (Hardware Version: P/N NS-204 and NS-208, Version 0110; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
545	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5400 (Hardware Version: P/N NS-5400 Version 3010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert #33) -Other algorithms: DES (Certs. #174 and #184) ; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5400 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
544	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5200 (Hardware Version: P/N NS-5200 Version 3010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5200 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
543	Utimaco® Safeware AG Germanusstr. 4 Aachen, 52080 Germany -Rainer Herbertz TEL: +49 241 1696 240 FAX: +49 241 1696 222	CryptoServer® 2000 (Hardware Version: P/N CryptoServer® 2000, Version 1.0.2.0; Firmware Version: 1.0.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #284); Triple-DES MAC (Cert. #284, vendor affirmed); AES (Cert. #182); SHS (Certs. #268 and #297); RSA (Certs. #25 and #49); RNG (Cert. #34) -Other algorithms: Diffie-Hellman (key agreement); IDEA; Safer; MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC; DES Multi-chip embedded "The CryptoServer® 2000 is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functions."
542	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356	Security Builder FIPS Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/02/2005; 03/16/2006; 08/29/2006; 11/06/2006; 07/20/2007; 09/12/2007; 04/29/2008; 06/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Red Hat Linux Application Server 3.0, x86; Solaris 2.9, SPARC 32- bit; SPARC; Solaris 2.9, SPARC 64-bit; SPARC; HP-UX 11.00, 32-bit PA-RISC; HP-UX 11.00, 64-bit PA-RISC; Windows 2003, x86; Windows 2003, Itanium; AIX 5.2, 32-bit Power PC; AIX 5.2, 64-bit Power PC; Red Hat Linux Application Server 3.0, Itanium; HP-UX 11i, Itanium; Windows CE 3.0, ARM; Symbian 9, ARM; Linux 64-bit; Windows 64-bit, x86; Windows Vista, x86; Windows Vista 64 bit, 64 bit x86; HPUX B11 32-bit IA64; Solaris 8 32 Bit; Solaris 10 64 Bit; and Red Hat Linux AS 4.0 32 bit and 64 bit on an IBM PowerPC 5 (all in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #276); AES (Cert. #175); SHS (Cert. #260); RSA (Cert. #20); HMAC (Cert. #9); RNG (Cert. #25); DSA (Cert. #115); ECDSA (Cert. #1) -Other algorithms: DES (Cert. #272); DES-X; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ARC2; ARC4; MD2; MD5; HMAC-MD5 Multi-chip standalone "The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API. The module can also be used in conjunction with other C."
541	AEP Networks Focus 31, West Wing Cleveland Rd New Hempstead, Herts HP2 7BW United Kingdom -Paul Goffin TEL: +44 1442 458624 -David Miller TEL: +44 1442 458600 FAX: +44 1442 458601	AEP Enterprise CM (Hardware Version: 2731_G1; Firmware Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/02/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #290); AES (Cert. #196); DSA (Cert. #123); SHS (Cert. #275); RNG (Cert. #41); RSA (Cert. #32); Triple-DES MAC (Cert. #290, vendor affirmed) -Other algorithms: DES (Cert. #281); MD5; Diffie-Hellman (key agreement); XOR Multi-chip embedded "The AEP Enterprise CM by AEP Networks offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The AEP Enterprise CM is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
540	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-500 (Hardware Version: P/N NS-500 Version 4110; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32) -Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
539	Juniper Networks, Inc. 1194 Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-3032	Juniper Networks NetScreen-5XT (Hardware Version: P/N NS-5XT Version 1010; Firmware Version ScreenOS 5.0 r9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/02/2005; 06/10/2005 12/02/2005; 01/26/2006; 06/20/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33) -Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
538	Rockwell Collins, Inc. 400 Collins Road NE Cedar Rapids, IA 52498 USA TEL: 319-295-5997	Common Crypto Circuit Card Assembly (Hardware Version: 944-2541-002; Software Version: 091-3186-001) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005	Overall Level: 1  -Physical Security: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #169) -Other algorithms: Serpent; Twofish; Triple-DES Multi-chip embedded "The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
537	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI (Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
536	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI (Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
535	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2022P-000 Build Standard E; Firmware Version: 2.18.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: N/A Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
534	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI (Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers.. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
533	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI (Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 06/06/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
532	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Hardware Versions: nC3022P-150 and nC3022P-300 Build Standard E; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
531	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI and nForce 400 SCSI (Hardware Versions: nC3022W-150 and nC3022W-400 Build Standard D; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
530	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI and F2 Ultrasign SCSI (Hardware Versions: nC4022W-150 and nC4022W-400 Build Standard DR; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
529	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI and nShield F2 Ultrasign PCI (Hardware Versions: nC4022P-150 and nC4022P-300 Build Standard ER; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
528	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM (Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
527	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM (Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
526	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI (Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
525	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI (Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-3) (When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/10/2005; 03/09/2006; 03/15/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
524	IBM® Corporation 2455 South Road P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540 -Kevin Gotze TEL: 845-435-1056	IBM eServer Cryptographic Coprocessor Security Module (Hardware Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/27/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #215); AES (Cert. #103); SHS (Cert. #194); DSA (Cert. #106); RNG (Cert. #36) -Other algorithms: DES (Cert. #237); DES MAC (Cert. #237, vendor affirmed); MD5; RSA (ISO 9796) Multi-chip embedded "The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptograhpic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use as a feature in IBM eServer, zSeries990 and zSeries890 servers."
523	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166-9309 USA -Michael Teal TEL: 571-434-2129 FAX: 571-434-2001	Cryptek Common Security Module (CSM) (Hardware Versions: 5110N0017-1, 5110N0017-2, 5110N0017-3, 5110N0017-4; Firmware Versions: 2.1.9 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/27/2005; 06/29/2005; 10/13/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24) -Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5, Diffie-Hellman (key agreement) Multi-chip embedded "The CSM is a secure network product designed to enforce three distinct information flow policies: Mandatory Access Control (MAC), Discretionary access Control (DAC), and Packet filtering. The design can support multiple security domains on a single network infrastructure by combining cryptography and labeling technology. The Cryptek CSM hardware and firmware constitute the core technology used in the DiamondLink, DiamondVPN, DiamondPAK, DiamondSAT, DiamondUTC, CL100, CL150, CL100-F, CP102, CP104, CP106, CV100, CS101, CS102, and CT100."
522	Voltage Security, Inc. 1070 Arastradero Road Suite 100 Palo Alto, CA 94304 USA -Matt Pauker TEL: 650-543-1280 FAX: 650-543-1279	Voltage IBE Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/27/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Windows 2003 Server, Windows XP Service Pack 2 (in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #291); AES (Cert. #199); DSA (Cert. #124); SHS (Cert. #277); RNG (Cert. #43) -Other algorithms: DES (Cert. #282); MD5; Identity Based Encryption (IBE) Multi-chip standalone "The Voltage IBE Cryptographic Module is a component of the Voltage IBE Toolkit, a set of development tools that enable any application to quickly and easily use Identity Based Encryption (IBE) to secure data. IBE uses simple strings like email or IP addresses as public keys, eliminating the need for certificates and associated management. The Voltage IBE Cryptographic Module also contains implementations of 3DES, AES, SHA- 1, and DSA. The Voltage IBE Toolkit is available for download at http://developer.voltage.com"
521	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	Port Authority 88 (Hardware Version: 01-03-0780; Firmware Version: 2.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed) -Other algorithms: Multi-chip standalone "The Port Authority 88 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 88 stores its own database of up to 150 users right on board. The Port Authority 88 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
520	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	Port Authority 44 (Hardware Version: 01-03-0782; Firmware Version: 2.15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed) -Other algorithms: Multi-chip standalone "The Port Authority 44 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 44 stores its own database of up to 150 users right on board. The Port Authority 44 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
519	Avaya, Inc. Atidim Technology Park Tel Aviv, 61131 Israel -Pesah Spector TEL: +972 3645 9162 FAX: +972 3645 8462	G350 Branch Office Media Gateway w/FIPS (Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 23.18.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005; 05/05/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Cert. #171); SHS (Cert. #256); HMAC-SHA-1 (Cert. #256, vendor affirmed); RSA (Cert. #17); RNG (Cert. #21) -Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement); MD5; H248 Link Encryption; Avaya Media Encryption; SSHv2 Multi-chip standalone "The Avaya G350 Branch Office Media Gateway is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
518	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Cisco 831 Secure Broadband Router (Hardware Version: 831; Firmware Version: 12.3(8)T5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/07/2005; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #271); AES (Cert. #46); RNG (Cert. #31); SHS (Cert. #252); HMAC-SHA-1 (Cert. #252; vendor affirmed) -Other algorithms: DES (Cert. #267); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 831 Secure Broadband Router provides a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
517	SafeNet Canada, Inc. and Cavium Networks One Chrysalis Way Ottawa, Ontario K2G 6P9 Canada -Randy Kun TEL: 613-723-5076 x3427 FAX: 613-274-6365 -Rajneesh Gaur TEL: 408-844-8420 x212 FAX: 408-844-8418	Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board (Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/22/2005 12/02/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip embedded "The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
516	SafeNet Canada, Inc. and Cavium Networks One Chrysalis Way Ottawa, Ontario K2G 6P9 Canada -Randy Kun TEL: 613-723-5076 x3427 FAX: 613-274-6365 -Rajneesh Gaur TEL: 408-844-8420 x212 FAX: 408-844-8418	Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board (Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/22/2005 12/02/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip embedded "The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
515	GuardianEdge Technologies, Inc. 475 Brannan Street Suite 400 San Francisco, CA 94107 USA -Seth Ross TEL: 415-683-2240 FAX: 415-683-2349	Encryption Plus Cryptographic Library (Software Versions: 1.0.1, 1.0.2 and 1.0.4) Validated to FIPS 140-2 Security Policy Certificate	Software	03/22/2005; 02/23/2006; 02/24/2006; 02/27/2006; 11/28/2007; 04/29/2008; 05/08/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 for Versions 1.0.1 and 1.0.2 with Microsoft Windows 2000 Service Pack 4 (in single-user mode) and Version 1.0.4 with Microsoft Windows Vista Ultimate Service Pack 1 and Microsoft Windows XP Service Pack 2 (in single-user mode) -FIPS-approved algorithms: AES (Certs. #154 and #759); HMAC-SHA-1 (Cert. #239, vendor affirmed); HMAC (Cert. #414); SHS (Certs. #239 and #766); RNG (Certs. #45 and #437) -Other algorithms: N/A Multi-chip standalone "The Encryption Plus Cryptographic Library is a compact and fast encryption module that provides cryptographic services to the following products: GuardianEdge Data Protection Framework, GuardianEdge Hard Disk Encryption, GuardianEdge Removable Storage Encryption, Encryption Anywhere Hard Disk, Encryption Anywhere Removable Storage, Encryption Anywhere CD-DVD, Encryption Plus Hard Disk, Encryption Plus Email, and Encryption Plus Folders."
514	WRQ, Inc. 1500 Dexter Avenue North Seattle, WA 98109 USA -Eric Raisters TEL: 206-217-7100 FAX: 206-217-7515	Reflection Security Component (RSC) (Software Version: 12.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/15/2005	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP3 (in single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #278, #279 and #280); AES (Cert. #176); RSA (Cert. #21); DSA (Cert. #116); SHS (Certs. #261, #262 and #263); HMAC-SHA-1 (Certs. #261, #262 and #263, vendor affirmed); RNG (#26) -Other algorithms: DES (Certs. #273 and #274); Diffie-Hellman (key agreement); Blowfish; Arcfour; CAST; RIPEMD 160; MD4; MD5; HMAC-MD5 Multi-chip standalone "WRQ Reflection software provides a complete range of terminal-emulation and PC X-server solutions for host access from Windows PCs. Each solution is specifically designed to boost IT efficiency and user productivity and includes full support for popular network security protocols such as Secure Shell, TLS/SSL, and Kerberos."
513	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	DPHx Radio with LZA0577 Cryptographic Module (Hardware Version: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606 and 030206; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05060-0000, 722-05061-0000) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/15/2005; 04/20/2005; 06/06/2005; 01/31/2006; 03/29/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #195); RSA (Cert. #31); ShA-1 (Cert. #274) -Other algorithms: DES (Cert. #280); NDRNG Multi-chip standalone "The DPHx Radio with LZA0577 Cryptographic Module is a public safety radio that provides secure, encrypted digital communication."
512	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Communication Cryptographic Library (CCL) (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/15/2004; 05/05/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1; Pocket PC 2003 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #131); SHS (Cert. #215); DSA (Cert. #101); HMAC-SHA-1 (Cert. #215, vendor affirmed); RNG (Cert. #6) -Other algorithms: DES (Cert. #248); SecureNet DES 1 bit CFB with differential encoding and decoding; DES 8 bit CFB; DES 8 bit OFB; DES 1 bit CFB Multi-chip standalone "The E.F. Johnson Co. Communication Cryptographic Library (CCL) is a Microsoft Windows 2000/2003/XP and Pocket PC 2003 Dynamic Link Library that performs security related functions. The CCL is packaged as a Software Development Kit which makes available an Application Programming Interface (API) for all the security functions of the CCL. The security functions available via the APIs are: AES 128 bit, AES 192 bit, AES 256 bit, DES, DSA 1024 bit Signature Generation and Verification, HMAC, PRNG, and SHA-1. The CCL is used in the E.F. Johnson Subscriber Management Assistant key loader."
511	Forum Systems, Inc. 45 West 10000 South Suite 415 Sandy, UT 84070 USA -Bruce Herron TEL: 425 882 9808 FAX: 801-313-4401	Forum FIA Gateway 1504G (Hardware Version: 1504; Firmware Version: 4.3) (When operated in FIPS mode and using the nCipher 1600 PCI card (Cert. #402)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/28/2005; 03/02/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #267); AES (Cert. #165); SHS (Cert. #249); HMAC-SHA-1 (Cert. #249, vendor affirmed); DSA (Cert. #60); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #265); Diffie-Hellman (key agreement); MD5; RC4 Multi-chip standalone "Forum FIA Gateway provides the foundation infrastructure that drives a return on investment by enabling secure XML and Web services communications for mission critical applications. Forum FIA Gateway industry specific solutions include: government compliance, secure electronic forms, secure partner integration, secure partner collaboration, electronic notary, evidence repository as well as secure Service Oriented Architectures."
510	AEP Networks 40 West Gude Drive Suite 100 Rockville, MD 20850 USA -Chris Brook TEL: 240-399-1214 FAX: 240-399-1250	SmartGate (Software Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/28/2005; 03/02/2005; 05/23/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux RedHat 7.2; Sun Solaris 8 -FIPS-approved algorithms: AES (Cert. #35); Triple-DES (Cert. #263); SHA-1 (Cert. #87); RSA (Cert. #11); RNG (Cert. #9) -Other algorithms: DES (Cert. #159); DES MAC (Cert. #159, vendor affirmed); RC4; MD5 Multi-chip standalone "SmartGate is one of the most comprehensive security products on the market. It is a virtual private network (VPN) software that provides secure encrypted channels between users outside your network and the applications and data contained within your network. Fine-grain access control ensures that authorized users are allowed access to specific applications only."
509	Dreifus Associates Limited, Inc. 3300 W. Lake Mary Blvd. Suite 300 Lake Mary, FL 32746 USA -Nicholas D. Pileggi Jr. TEL: 407-585-2840 FAX: 407-531-9932	DAL C32 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip (Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/28/2005; 03/23/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed); Single-chip "The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
508	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (ME) (Software Version: 1.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/28/2005; 10/07/2005; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, Solaris 8 32-bit, Solaris 8 64-bit, Red Hat Linux 7.2, Red Hat Enterprise Linux Advanced Server 3.0, PocketPC 2003, AIX 5L 5.2, HP-UX 11.0 PARISC2.0, HP-UX 11.0 PARISC 2.0W, HP-UX 11.11 PARISC2.0, HP-UX 11.11 PARISC2.0W, VxWorks 5.4 PowerPC750, VxWorks 5.5 PowerPC7410, VxWorks 5.5 PowerQuicc II -FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7) -Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
507	IMAG Technologies, Inc. 5270A Imperial Street Burnaby, BC V5J 1E4 Canada -Gerry Smalley TEL: 604-430-6460 FAX: 604-430-6475	TIMAC Cryptographic Module (Hardware Version: P/N EM01-01 Rev. 1.1; Firmware Version; 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/11/2005; 04/07/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #149) -Other algorithms: Multi-chip embedded "IMAG Technologies' TIMAC module is a header mounted multi-chip embedded firmware microprocessor module used to encrypt and decrypt serial data. The device is a FIPS 140-2 Level 3 compliant, high performance, encryption module implementing the AES algorithm operating in 128 bit ECB, CBC, and CFB modes. The chip may be incorporated into IMAG's Bluetooth Enabled wire replacement products, or may be used in other data transmission applications requiring NSA approved serial data encryption."
506	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client) (Software Version: 4.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/24/2005; 04/30/2007; 06/23/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 withWindows 2000 Professional (Service Pack 2) and Windows XP Professional in single-user mode -FIPS-approved algorithms: DSA (Certs. #53 and #112); AES (Certs. #21 and #170); RNG (Cert. #15); SHS (Certs. #71 and #254) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "McAfee Endpoint Encryption for PCs Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
505	Meganet Corporation 350 South Figueroa Street Suite 450 Los Angeles, CA 90071 USA -Saul Backal TEL: 213-620-1666 FAX: 213-620-1655	VME Crypto Engine (Version 4.4.0.0/M145) (When operated with the Microsoft® Base Cryptographic Provider validated to FIPS 140-1 under Certificate #238 operating in FIPS mode for the operating systems specified) Validated to FIPS 140-2 Security Policy Certificate	Software	01/24/2005; 02/04/2005; 05/04/2005; 12/07/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Version 2002 SP1. The following operating systems must use the Microsoft® Base Cryptographic Provider validated to FIPS 140-2 under Certificate #238 operating in FIPS mode: Windows 98, Second Edition, Windows ME Build 4.90.3000, Windows NT 4.0 Workstation SP 6, Windows NT 4.0 Server SP 6, Windows 2000 Professional SP4, Windows 2000 Server SP 4, Windows 2000 Advanced Server SP 4, Windows XP Home Edition SP 1, Windows Server 2003 Enterprise Edition (all in single-user mode) -FIPS-approved algorithms: AES (Cert. #77); Triple-DES (Cert. #188); SHA-1 (Cert. #83); RSA (PKCS #1, vendor affirmed) -Other algorithms: VME Multi-chip standalone "VME Crypto Engine is a suite of tools that make data encryption and decryption easy and reliable. VME Crypto Engine also provides tools that allow you to encrypt and decrypt email messages, chat sessions, files transmitted ftp, and more."
504	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6200 x6202 FAX: 954-888-6211	DC2K Security Module (Hardware Version: 3.411 (build 1213B130_PL_Iss002); Software Version: v3.411, Magazines: Triple-DES magazine version DHDES3_V1_81, AES magazine versions DHAES128_V1_19, DHAES192_V1_10 and DHAES256_V1_10) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/24/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #251); AES (Certs. #151, #152 and #153); SHS (Cert. #230); DSA (Cert. #104); RNG (Cert. #17) -Other algorithms: Multi-chip embedded "The DC2K Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® 2000 that secures communications using signed Diffie-Hellman key exchange and Triple-DES or AES encryption over point-to-point links, X.25, Frame Relay, and IP networks. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
503	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6200 x6202 FAX: 954-888-6211	DCAP Security Module (Hardware Version: v3.511 (build 1213E130_PL_Iss003); Software Version: v3.511, Magazines: Triple-DES magazine version DHDES3_V1_95, AES magazine versions DHAES128_V1_31, DHAES192_V1_22 and DHAES256_V1_21) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/24/2005; 03/14/2005; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #282); AES (Certs. #178, #179 and #180); SHS (Cert. #266); DSA (Cert. #117); RNG (Cert. #29) -Other algorithms: Multi-chip embedded "The DCAP Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® Advanced Performance Cryptographic Module (known as the Datacryptor® AP). It secures communications using signed Diffie-Hellman key exchange and Triple- DES or AES encryption over IP networks. It provides data encryption rates of up to 100 Megabits per second (Mbps). The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
502	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-525A, 3e-525N and 3e-519 Wireless Gateway (Hardware and Firmware Versions: 3e-525A ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]), 3e-525N ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]) and 3e-519 ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16])) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005; 10/31/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. #200); HMAC (Cert. #13); SHS (Cert. #278); RNG (Cert. #22) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, non-compliant); MD5; RC4; DES; AES (non-compliant) Multi-chip standalone "A problem of increasing concern in the deployment of Wireless LANs throughout enterprise environments is security. 3e Technologies International meets this need by providing a secure, accessible, highperformance WLAN end-to-end solution, through its family of Secure Wireless Gateway/Access Points and Secure Client solutions. The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wire."
501	Dreifus Associates Limited, Inc. 3300 W. Lake Mary Blvd. Suite 300 Lake Mary, FL 32746 USA -Nicholas D. Pileggi Jr. TEL: 407-585-2840 FAX: 407-531-9932	DAL C3 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip (Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
500	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.8.0.18[1], 3.8.0.20[1], 3.8.0.23[1], 3.8.0.23b [1,2], 3.8.0.24[1], 3.8.0.24b[1,2], 3.8.0.26[1], 3.8.0.26b[1,2], 3.8.0.27[1] and 3.8.0.27b[1,2]) Validated to FIPS 140-2 Security Policy Certificate	Firmware	01/18/2005; 01/31/2005; 03/11/2005; 06/30/2005; 08/24/2005; 09/09/2005; 10/07/2005	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry® 7230 with BlackBerry OS® Versions 3.8[1], 4.0[1] and 4.1[2] -FIPS-approved algorithms: Triple-DES (Cert. #281); AES (Cert. #177); SHS (Cert. #264); HMAC (Cert. #1); RSA (Cert. #22); RNG (Cert. #27) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
499	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware Versions: 023-5000-980, 023-5000-982; Firmware Version: 3.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005; 05/05/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #143); SHS (Cert. #238); HMAC-SHA-1 (Cert. #238, vendor affirmed); DSA (Cert. #110); RNG (Cert. #5 and FIPS 186-2 - general purpose, vendor affirmed) -Other algorithms: DES (Cert. #253); SecureNet DES 1 bit CFB with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson 5100 series radio with secure encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
498	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Dennis Crowe TEL: 203-924-3612 FAX: 203-924-3352	Compliant Meter Postal Security Device (CoMet PSD) (Hardware Version: P/Ns 1A00 Version BAA, 1AEC Version AAA, 1APC Version ABC) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/18/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); Skipjack (Cert. #6); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert #86, vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation’s Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD is a secure module employed within the metering product which performs high-speed cryptographic functions, funds management, and printer administration functions that preclude unauthorized disbursing of indicia. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
497	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-436-1223 FAX: 512-436-8009	IBM Java JCE 140-2 Cryptographic Module (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/07/2005; 01/11/2005; 09/07/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional using IBM JVM 1.4.2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #114); SHS (Cert. #259); HMAC-SHA-1 (Cert. #259, vendor affirmed); RSA (Cert. #18); RNG (Cert. #23) -Other algorithms: Diffie-Hellman (key agreement); MD5 Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.4.0 level and higher."
496	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry Enterprise Server™ Cryptographic Kernel (Software Version: 1.0.1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/07/2005; 01/11/2005; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP 6a -FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHS (Cert. #265); HMAC (Cert. #2); RNG (Cert. #28) -Other algorithms: Rijndael Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
495	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 888-744-4976 x6202 FAX: 954-888-6211	Thales Datacryptor Gigabit (Hardware Version: C; Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/07/2005; 10/13/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The Datacryptor Gigabit is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Datacryptor Gigabit has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. Fully compatible with existing IP networks, the Datacryptor Gigabit can be seamlessly deployed into Gigabit Ethernet environments, including IP siteto-site VPNs and storage over IP networks. Its high-speed AES and 3DES IPSec processing eliminates bottlenecks while providing data authentication, confidentiality, and integrity."
494	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library (Software Versions: 2.2.5, 2.2.7 and 2.2.12 (Windows) and 1.1.8, 1.1.9 and 1.1.15 (Solaris)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/03/2005; 12/20/2006	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix EAL 4 on Dell Optiplex GX 400 Personal Computer System, Trusted Solaris 8 7/03 EAL 4 on SunBlade 100 -FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4) -Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)); RC2 Multi-chip standalone "The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The Windows and Solaris versions are designed and implemented to meet the Level 2 requirements of FIPS publication 140-2 when running on an appropriate hardware under Windows 2000, Solaris 8 and Trusted Solaris 8 operating systems."
493	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library (Software Versions: 2.2.5, 2.2.7, 2.2.8 and 2.2.12 (Windows) and 1.1.8, 1.1.9, 1.1.10, 1.1.12 and 1.1.15 (Solaris/Linux/AIX/HP-UX)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/03/2005; 12/22/2005; 07/10/2006; 12/19/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP Professional, Windows ME, Windows 2000, HP-UX B.11.11, AIX 5, Trusted Solaris 8 7/03 and Linux RHEL 3 (all in single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4) -Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement); RC2; RIPEMD-160 (v1.1.10 and 1.1.12 only); RSA (specified in RFC 2409) Multi-chip standalone "The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
492	ITServ Inc. Six Montgomery Village Avenue Suite 405 Gaithersburg, MD 20879 USA TEL: 301-948-1111 FAX: 301-948-7582	RideWay Station (Hardware Version: FGC; Firmware Version: 5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/22/2004; 01/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #247); SHS (Cert. #186); HMAC-SHA-1 (Cert. #186, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RC4; MD5; CRYPT(3) Multi-chip standalone "RideWay Station FGC integrates powerful firewall protection and VPN capabilities to safeguard computer networks from the threat of Internet attacks and intrusions. Each computer or server on the LAN must follow a strict authorization procedure in order to gain access to the network. In addition, the module uses Triple-DES encryption in its IPSec VPN to allow multiple offices to securely communicate over the Internet or to allow a remote client to securely connect to its office network. The highperforming hardware efficiently conducts encryption and decryption tasks without sacrificing throughput."
491	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Kenneth Jensen TEL: 408-227-4500 FAX: 408-227-4550 -Keerti Melkote TEL: 408-227-4500 FAX: 408-227-4550	Aruba 5000/6000 WLAN Switch with AirOS Software (Hardware Versions: Configuration A, Configuration B, Configuration C, Configuration D; Firmware Version: A5000_2.1.0.0_7862) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/22/2004; 01/07/2005; 12/22/2005	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #158 and #159); Triple-DES (Certs. #260 and #261); SHA-1 (Certs. #243 and #244); HMAC-SHA-1 (Certs. #243 and #244, vendor affirmed); RNG (Cert. #8); RSA (Cert. #9) -Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Aruba Wireless Networks’ FIPS validated WLAN switching platform is a purpose-built Wireless LAN voice and data switching solution designed to specifically address the needs and reduce the cost of large scale WiFi network deployments for Government and large enterprise. Aruba’s WLAN switching platform is a highly scalable and redundant solution that provides centralized intelligence to secure and manage the corporate RF environment, enforce identity based user security and policies, enable service creation and provide secure mobility management to hundreds of simultaneously connected users."
490	SBI Net Systems Co., Ltd. Meguro Tokyu Bldg. 5th Floor 2-13-17 Kamiosaki Shinagawa-ku, Tokyo 141-0021 Japan -Hidemitsu Noguchi TEL: +81 3 5447 2551 FAX: +81 3 5447 2552	C4CS (Software Versions: 1.0.0 and 1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/22/2004; 02/25/2005; 08/21/2008	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Service Pack 3 with Hotfix 326886 and Microsoft Windows XP Service Pack 1 -FIPS-approved algorithms: SHS (Cert. #222); HMAC-SHA-1 (Cert. #222, vendor affirmed); AES (Cert. #133); RNG (Cert. #1); RSA (Cert. #1); ECDSA (vendor affirmed) -Other algorithms: C4Custom; RSAES_PKCS_v1_5; RSAES_OAEP; Diffie-Hellman (key agreement); SSS Multi-chip standalone "C4CS is a software cryptographic module providing symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
489	Bluesocket, Inc. 7 New England Executive Park Burlington, MA 01803 USA -Mike Puglia TEL: 781-328-0888	Bluesocket WG-2100 Wireless Gateway (Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002, 870-212TT-002, Software Version: 3.1.1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 08/30/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #76); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC-SHA-1 (Certs. #228 and #229, vendor affirmed) -Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement); MD5; HMAC MD5 Multi-chip standalone "The Bluesocket WG-2100 Wireless Gateway provides a scalable solution with security, quality of service (QoS), Mobility, Role/Policy Enforcement and Management for today's highly-secure 802.11 Government wireless networks."
488	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	EFJohnson Encryption Module (Software Version: 1.0.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004; 05/05/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix on Dell OptiPlex GX400 -FIPS-approved algorithms: AES (Cert. #26); DSA (Cert. #72); SHS (Cert. #121); Triple-DES (Cert. #135); RNG (Cert. #14) -Other algorithms: DES (Cert. #186); AES-MAC (Cert #26, non-compliant) Multi-chip standalone "The EFJohnson Encryption Module is a software cryptographic module that serves both as a key store and a cryptographic service provider. The module is accessible through an API, and provides an easy-to-use yet secure means of storing sensitive cryptographic keys. The Encryption Module meets level 1 FIPS 140-2 requirements and achieves level 2 in the "Roles, Services, and Authentication" and "Operation Environment" sections of FIPS 140-2."
487	Kasten Chase Applied Research, Ltd. Orbitor Place 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Steve Demmery TEL: 905-238-6900 x3303 FAX: 905-212-2003	Kasten Chase Cryptographic Engine (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Red Hat 7.3 with Linux kernel 2.4; AIX 5L for POWER V5.2; Sun Trusted Solaris™ Version 8 4/01; Sun Solaris™ 9 (all in user and kernel modes and single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert. #10) -Other algorithms: MD5; HMAC-MD5; KEA; ECDH (key establishment) Multi-chip standalone "KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
486	Kasten Chase Applied Research, Ltd. Orbitor Place 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Steve Demmery TEL: 905-238-6900 x3303 FAX: 905-212-2003	Kasten Chase Cryptographic Engine (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server with SP3 and Hotfix Q326886 on a 650 MHz Pentium III platform; AIX 5L for POWER V5.2 on a IBM p630-6C4 with a POWER4 CPU; Sun Trusted Solaris™ Version 8 4/01 on a SunBlade 100 with a 500 MHz UltraSPARC Iie -FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384; HMAC- SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert #10) -Other algorithms: MD5; HMAC-MD5; KEA, ECDH (key establishment) Multi-chip standalone "KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
485	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert FIPS 64 (Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 04/04/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Cert. #216); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed) -Other algorithms: DES (Cert. #249); DES MAC (Cert. # 249, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
484	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330G3 Smart Card (Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS and Biometric authentication application executable (G3 EXF) Version 21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); RSA (PKCS #1, vendor affirmed); Triple-DES (Cert. #236); RNG (vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip "The 330G3 is a biometrically-enabled ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for strong user authentication and single sign on when integrated with SAFENET Axis software. The card supports creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials; Strong authentication of the cardholder using fingerprint biometrics; Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
483	Symantec Corporation 1 Symantec Way Suite 200 Newport News, VA 23602 USA -William L. Stewart TEL: 757-880-7782 FAX: 757-249-7124	Symantec Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/10/2004; 07/27/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional, Windows 2000 -FIPS-approved algorithms: AES (Cert. #164); Triple-DES (Cert. #266); SHS (Cert. #248); HMAC (Cert. #5); RNG (Cert. #12) -Other algorithms: N/A Multi-chip standalone "The Symantec Cryptographic Module is a software library that contains FIPS-approved cryptographic algorithms. This module provides encryption functionality for selected Symantec products."
482	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-1 Postal Security Device (Hardware Versions: P/N 1L00, Versions AAA, AAC and AAD (US); P/N 1LEC, Versions AAA, AAC and AAD (Canada)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/03/2005; 03/14/2005	Overall Level: 3  -FIPS-approved algorithms: DSA (Cert. #105); SHS (Cert. #232); Triple-DES (Cert. #252); Triple-DES MAC (Cert. #252, vendor affirmed); HMAC-SHA-1 (Cert. #232, vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Pitney Bowes Cygnus X-1 Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation's Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products."
481	Realia Technologies S.L. Orense, 68 11th floor Madrid, 28020 Spain -Sebastián Muñoz TEL: +34 91 449 03 30 FAX: +34 91 579 56 06 -Luis Jesús Hernández TEL: +34 91 449 03 30 FAX: +34 91 579 56 06	Cryptosec 2048 (Hardware Version: Model 1.0, Firmware Version: 01.04.0010) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #262); RSA (Cert. #10); SHS (Cert. #242); RNG (Cert. #11) -Other algorithms: DES (Cert. #263); CRC-32; MD5; RIPEMD-128; RIPEMD-160 Multi-chip embedded "The Cryptosec 2048 is a high-end PCI cryprographic accelerator card that provides cryptographic services and secure storage of cryptographic keys. The module is built to perform general cryptographic processing (RSA, DES, SHA-1, MD5,...) and features a tamper-protective case to physically protect sensitive information contained within the card."
480	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196-1078 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Key Variable Loader (KVL) 3000 Plus (Hardware Version: P/N CLN7493D, Version 8, Firmware Version: U239AC, X795AH, Versions R3.52.17, R3.52.22 and R3.52.31.) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/10/2004; 02/25/2005	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; DVI-SPFL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
479	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Alan Myrvold TEL: 613-270-3009	Entrust Authority™ Security Toolkit for Java™ (Software Version: 7.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/16/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP SP1 in single user mode running Sun JRE 1.4.2 and UltraSPARC-11i 300 MHz processor running Solaris 9 in single user mode running Sun JRE 1.4.2 -FIPS-approved algorithms: AES (Cert. #193); Triple-DES (Cert. #289); Triple-DES MAC (Cert. #289, vendor affirmed); DSA (Cert. #122); ECDSA, (vendor affirmed); SHS (Cert. #273); HMAC (Cert. #8); RNG (Cert. #40); RSA (Cert. #30) -Other algorithms: DES (Cert. #279); DES MAC (Cert. #279, vendor affirmed); CAST 128; IDEA; RC2; RC4; Diffie-Hellman (key agreement); SPEKE; Rijndael 256; CAST128 MAC; MD2; MD5; HMAC- MD5; IDEA MAC Multi-chip standalone "Authority Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
478	Carrier Access Corp. (a wholly owned subsidiary of Turin Networks, Inc.) and Team F1 5395 Pearl Parkway Boulder, CO 80301 USA -Thomas Gormley TEL: 303-442-5455 FAX: 303-443-5908 -Mukesh Lulla TEL: 510-505-9931 FAX: 510-505-9941	Broadmore/SSHield Management Module (Software Versions: 4.0.0, 4.1.0, 4.1.1 and 4.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/08/2004; 12/01/2004; 02/24/2005; 12/22/2005; 03/07/2008; 03/19/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Key Management: Level 3 -Operational Environment: Tested as meeting Level 1 with WindRiver pSOS operating system version 2.2.7 and ATM configuration -FIPS-approved algorithms: DSA (Cert. #100); Triple-DES (Cert. #238); AES (Cert. #129); SHA-1 (Cert. #214); HMAC-SHA-1 (Cert. #214, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Broadmore family of products offer a unique economical means of provisioning, grooming, and routing TDM DS3, DS1, E3, E1 services and mixed-speed serial data to logical ATM connections. The Broadmore/SSHield Management Module controls the Broadmore configuration parameters using SSHield, an implementation of the IETF SECSH protocol, which provides an authenticated, encrypted data communications channel for secure management. More information can also be found on www.teamf1.com and www.carrieraccess.com."
477	Secure Systems Limited 80 Hasler Road Osborne Part, Western Australia 6017 Australia -Michael J Wynne TEL: +61 8 9202 8333 FAX: +61 8 9202 8334 -Christine Rainwater TEL: 703-535-7999	Silicon Data Vault® (SDV®) (Hardware Versions: SDV201B Rev B and SDV18A Rev A, Firmware Version: SDV2_Ver_1.3.4, Embedded_AA_1.07) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/04/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #136); SHS (Cert. #219) -Other algorithms: CRC-32 Multi-chip embedded "The Silicon Data Vault® (SDV®) is a cryptographic hardware security device which asserts absolute control over the hard disk drive (HDD) at the earliest stage of boot up, ensuring the user is authenticated before any data can be accessed. The SDV® is operating system independent, works with any standard ATA HDD, and resides in the IDE channel, blocking and controlling all access to the HDD."
476	Prism Payment Technologies (Pty) Ltd PO Box 901 Witkoppen, Gauteng 2068 South Africa -Wayne Donnelly TEL: +27 11 5481000 FAX: +27 11 4673424	Incognito TSM410 (Hardware Version: P/N 5520-00091, Version 2, Firmware Version: 1.1.1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/04/2004	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #259); SHA-1 (Cert. #241); Triple-DES MAC (Cert. #259, vendor affirmed); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #261); Enhanced Security DES MAC (Cert. #261, vendor affirmed); DES MAC (Cert. #261, vendor affirmed); Multi-chip embedded "The Incognito TSM410 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers highperformace, high-security services targeted at EFT switches and mCommerce applications."
475	Trust Digital, Inc. 1600 International Drive Suite 100 McLean, VA 22102 USA -Norm Laudermilch TEL: 703-760-9400 FAX: 703-760-9415	Trust Digital Crypto Library Cryptographic Module (Software Versions: 3.0, 3.0.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/02/2004; 03/02/2005; 07/29/2005; 09/21/2005; 10/26/2006; 11/06/2006; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows NT SP6, 2000; XP Pro; Palm OS 4.1, 5.2.1, 5.2.1H, 5.4.5; Pocket PC 3.0, 4.20; Symbian 7.0; Smartphone 2002; Windows Mobile v5.0 and v6.0; and v5.0 Smartphone edition. -FIPS-approved algorithms: AES (Certs. #69 and #456); Triple-DES (Certs. #177 and #473); SHS (Certs. #164 and #520); HMAC-SHA-1 (Certs. #164 and #520, vendor affirmed) -Other algorithms: Blowfish; TwoFish; RC4; TEA; Fast XOR; MD5 Multi-chip standalone "Trust Digital’s Cryptographic Module is a 32-bit Windows library compatible with Palm, Pocket PC, RIM, Symbian and other related operating systems. This module provides cryptographic services accessible from software programs written in C/C++ through Application Program Interfaces (APIs). The DLL (dynamically linked library) format of this module allows it to be embedded in existing applications targeted for Palm, Pocket PC, RIM and Symbian operating systems."
474	L-3 Communications Government Services, Inc. 3750 Centerview Drive Chantilly, VA 20151 USA -Suma Shastry TEL: 703-375-6598	Hand Held Monitor Module (HHM) (Hardware Version: Rev B, Part No: 1500, Firmware Version: 5.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Hand Held Monitor Module (HHM) device is a component of the Tactical Automated Security System (TASS). The HHM is used to detect, monitor, and access intrusions in secured areas. The HHM works in conjunction with the Communications Module (CM), which receives, and forwards intrusion alerts to the HHM."
473	L-3 Communications Government Services, Inc. 3750 Centerview Drive Chantilly, VA 20151 USA -Suma Shastry TEL: 703-375-6598	Communications Module (CM) (Hardware Version: Rev B, Part No: 1550, Firmware Version: 5.7) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Communications Module (CM) device is a component of the Tactical Automated Security System (TASS). The Communications Module (CM) works in conjunction with the HHM to receive and forward intrusion alerts."
472	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: DS1955B PB1 - 1.50) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
471	SafeNet, Inc. 4690 Millennium Drive Suite 400 Belcamp, MD 21017 USA -George L. Heron TEL: 410-933-5883 FAX: 410-931-7524	SafeNet HighAssurance 4000 Gateway (Hardware Version: C, Firmware Versions: 2.2 and 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004; 05/04/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSEC encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. With the implementation of firmware version 2.2, the SafeNet HA 4000 can now be set-up and configured with the Safe Enterprise Security Management Center (SMC)."
470	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG100 and CipherOptics SG1002 (Hardware Version: A, Firmware Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
469	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman TEL: 919-865-0661 FAX: 919-865-0679	CipherOptics SG1001 (Hardware Version: C, Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics Security Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
468	Fortinet, Inc. 920 Stewart Drive Sunnyvale, CA 94085 USA -Alan Kaye TEL: 613-225-2951	FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-800 (Hardware Versions: FortiGate-300 (build x20), FortiGate-400 (build x20), FortiGate-500 (build x20) and FortiGate-800 (build x20), Firmware Version: 2.50, build 219,040616) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed) -Other algorithms: DES; DDiffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
467	Fortinet, Inc. 920 Stewart Drive Sunnyvale, CA 94085 USA -Alan Kaye TEL: 613-225-2951	FortiGate-3000 and FortiGate-3600 (Hardware Versions: FortiGate-3000 (build xx20) and FortiGate-3600 (build xx20), Firmware Version: 2.50, build 219,040616) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed) -Other algorithms: DES; Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
466	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder, Germany -Volker Baum TEL: +49 3303 525 668 FAX: +49 3303 525 609	FrankIT Postal Revenector (Hardware Version: 58.0036.0001.00/05, Firmware Version: 90.0036.0007.00/00) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #39); RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. #43); HMAC-SHA-1 (Cert. #43, vendor affirmed) -Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia FrankIT Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The FrankIT Postal Revenector has been designed in compliance with the Deutsche Post AG (DPAG), FrankIT Specification."
465	D'Crypt Pte Ltd. 20 Ayer Rajah Crescent #08-08 Technopreneur Centre, Singapore 139964 Singapore -Quek Gim Chye TEL: +65-6773-9016 FAX: +65-6873-0796	d'Cryptor QE Cryptographic Module (Hardware Versions: P/N DC/QE-L.8.1024 Versions 3.0L and 3.1L and P/N DC/QE-S.4.512 versions 3.0S and 3.1S, Firmware Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004; 06/06/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #159); SHA-1 (Cert. #139); RSA (FIPS 186-2 and PKCS#1, vendor affirmed); AES (Cert. #49); HMAC-SHA-1 (Cert. #139, vendor affirmed) -Other algorithms: DES (Cert. #205) Multi-chip embedded "The d'Cryptor QE is a programmable cryptographic coprocessor designed for high security assurance applications and features in the d'Cryptor line of products such as d'Cryptor XE, d'Cryptor HSM and TelePort. It contains a secure high-performance cryptographic core that comprises a CPU, Flash ROMs, NVRAM, UTC clock, firmware and a host of useful and cryptographic APIs. The QE provides strong physical security through an opaque, hard epoxy potting and a tamper response mesh that zeroizes all keys in event of tamper. Application loading is authenticated using an approved digital signature scheme."
464	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity 1700, 2700 and 5000 Secure IP Services Gateways (Hardware Versions: 1700, 2700 and 5000, Firmware Version: V04_85.121) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/18/2004; 01/06/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #183); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC-MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant Contivity 1700, 2700 and 5000 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 1700, 2700 and 5000 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
463	VIACK Corporation 16701 NE 80th St. Suite 100 Redmond, WA 98052 USA -Peter Eng TEL: 425-605-7400 FAX: 425-605-7405	VIA3 VkCrypt Cryptographic Module (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/20/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4 -FIPS-approved algorithms: RNG (Cert. #3); AES (Cert. #147); RSA (Cert. #5); SHA-1 (Cert. #236); HMAC-SHA-1 (Cert. #236, vendor affirmed) -Other algorithms: RSA (PKCS #1); RC2 Multi-chip standalone "The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing for VIA3 E-meeting products. VIA3 is a secure and confidential E-meeting solution integrating live audio and video, instant messaging, and real-time information sharing."
462	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP Wireless Gateways (Hardware Versions: 3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP, Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1); MD5; RC4; DES Multi-chip standalone "The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface. The cryptographic suite is implemented in an innovative manner so that critical performance is not sacrificed in providing a rugged FIPS 140-2 Level 2 secure wireless solution."
461	Lucent Technologies, Inc. 600 Mountain Ave Murray Hill, NJ 07974 USA -Kim Tourigny TEL: 978-952-1504 FAX: 978-952-1120 -Dan Buczala TEL: 978-952-1512 FAX: 978-952-1516	VPN Firewall Brick® 350, Brick® 1000 and Brick® 1100 with Encryption Accelerator Cards (Hardware Versions: Brick® 350, Brick® 1000 and Brick® 1100, and Encryption Accelerator Card v2: Version 1.0, Board Version 1, Firmware Versions: Lucent LVF v7.2.292 and EAC v2: 7.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/03/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #75 and #245); SHA-1 (Certs. #65 and #225); HMAC-SHA-1 (Certs. #65 and #225, vendor affirmed); DSA (Cert. #62) -Other algorithms: DES (Certs. #135 and #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC- MD5 Multi-chip standalone "The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
460	Lucent Technologies, Inc. 600 Mountain Ave Murray Hill, NJ 07974 USA -Kim Tourigny TEL: 978-952-1504 FAX: 978-952-1120 -Dan Buczala TEL: 978-952-1512 FAX: 978-952-1516	VPN Firewall Brick® 350 and Brick® 1000 (Hardware Versions: Brick® 350 and Brick® 1000, Firmware Version: Lucent LVF v7.2.292) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/03/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #245); SHA-1 (Cert. #225); HMAC-SHA-1 (Cert. #225, vendor affirmed); DSA (Cert. #62) -Other algorithms: DES (Cert. #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip standalone "The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
459	Backbone Security.com, Inc. 701 Main Street Suite 300 Stroudsburg, PA 18360 USA -Glenn Watt TEL: 570-422-7900 FAX: 570-422-7940	Ribcage 1100 and Ribcage 2800 (Hardware Version: 3.0, Software Version: 2.2 FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #208); AES (Cert. #94); SHA-1 (Cert. #184); HMAC-SHA-1 (Cert. #184, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); HMAC-SHA-256; HMAC-SHA-512; HMAC-MD5 Multi-chip standalone "Ribcage is a secure IPSec Virtual Private Network that provides secure connectivity deployed on a shared infrastructure with the same privacy and performance as a leased network. Ribcage is a solution that is flexible as both a secure virtual private network and as a remote access, with straightforward administration tools that allow rapid set-up and administration remotely or locally."
458	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	SonicWALL TZ 170 (Hardware Version: P/N 101-5000072-00 rev A, Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/08/2004; 02/24/2005; 05/17/2006; 04/25/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. # 208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering."
457	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Irfan Khan TEL: 510-936-4840	Sun Cryptographic Accelerator 4000 (Hardware Versions: Fiber: 501-6040-02 and 501-6040-03, UTP/Copper: 501-6039-05 and 501-6039-06, Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/12/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.# 190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
456	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	Sm@rtCafé Expert FIPS 64 with ActivCard Applet v2 (Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102, Applet Versions: AC Applet Versions 2.3.0.2 and 2.3.0.5; ASC Library 2.3.0.2 and 2.3.0.3; and PKI/GC Applet Versions 2.3.0.2 and 2.3.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/11/2004; 09/07/2005; 04/04/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHA-1 (Cert. #216); DSA (Cert. #102); RSA (Cert. #7, PKCS#1); Triple-DES MAC (Cert. #239, vendor affirmed) -Other algorithms: DES (Cert. #249); DES MAC (Cert. #249, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
455	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	SonicWALL PRO 3060/4060 (Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A, Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/11/2004; 02/24/2005; 05/17/2006; 05/31/2006; 04/25/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed) -Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces."
454	iDirect Technologies 10803 Parkridge Boulevard Reston, VA 20191 USA -Sasmith Reddi TEL: 703-648-8043 FAX: 703-648-8014	Protocol Processor (Hardware Version: 5.0, Firmware Version: 5.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/02/2004	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #243); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The Protocol Processor is the central component of iDirect’s TDMA star network product and is responsible for network wide functions such as: TCP acceleration, QoS, 3DES encryption, TDMA management and dynamic time slot allocation."
453	iDirect Technologies 10803 Parkridge Boulevard Reston, VA 20191 USA -Sasmith Reddi TEL: 703-648-8043 FAX: 703-648-8014	NetModem II Plus (Hardware Version: 5.0, Firmware Version: 5.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #242); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The iDirect NetModem II Plus broadband router is a compact, set-top terminal that routes IP traffic over satellite networks."
452	Credant Technologies Corporation 15305 Dallas Parkway Suite 1010 Addison, TX 75001 USA -Chris Burchett TEL: 972-458-5407 FAX: 972-458-5454	Credant Cryptographic Kernel (Versions 1.3 and 1.4) Validated to FIPS 140-2 Security Policy Certificate	Software	07/28/2004; 09/21/2004; 09/24/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 1 and Windows CE 3.0 (single user mode) -FIPS-approved algorithms: AES (Certs. #117 and #168); Triple-DES (Certs. #229 and #272); SHA-1 (Certs. #206 and #253); HMAC-SHA-1 (Certs. #206 and #253, vendor affirmed); RNG (Cert. #19) -Other algorithms: Multi-chip standalone "Credant Cryptographic Kernel is a FIPS 140-2 compliant, software-based cryptography library that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1 algorithms for the Credant Mobile Guardian product. Credant Mobile Guardian enables enterprise-wide control of security for mobile and wireless users of laptops, tablet PCs, PDAs and smart phones."
451	Good Technology, Inc. 4250 Burton Drive Santa Clara, CA 95054 USA -Daphne Won TEL: 408-327-6000	Good FIPSCrypto (Software Versions: Pocket PC 20040220 and Symbian 4.9.1) Validated to FIPS 140-2 Security Policy Certificate	Software	07/28/2004; 01/11/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Symbian 9.1 and Windows CE 4.2 -FIPS-approved algorithms: AES (Certs. #134 and #477); Triple-DES (Certs. #240 and #491); SHA-1 (Certs. #217 and #545); HMAC-SHA-1 (Certs. #217, vendor affirmed and #234) -Other algorithms: Multi-chip standalone "The Good FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements the Triple-DES; AES; SHA-1; HMAC-SHA-1 algorithms."
450	Nokia Enterprise Solutions 313 Fairchild Drive Mt View, CA 94043 USA -Robert Kusters TEL: 650-625-2940	Nokia VPN Appliance (Hardware Versions: IP350, IP355, IP380 and IP385, Software Versions: (IPSO v3.7.99 and Check Point NG with Application Intelligence R54) and (IPSO v3.9 and Check Point NG with Application Intelligence R60)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004; 07/28/2005; 09/21/2006; 11/06/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #88 and #407); Triple-DES (Certs. #41, #80, #132, #234, #235, #333 and #440); SHA-1 (Certs. #42, #69, #210, #211, #212, #325 and #474); HMAC-SHA-1 (SHA-1 Certs. #42, #56, #69, #210, #211, #212, vendor affirmed and HMAC-SHA-1 #179 and #180); DSA (Cert. #99); RSA (PKCS #1 vendor affirmed and #63, #146 and #149); RNG (#30, #196 and #201) -Other algorithms: DES (Certs. #110, #142, #183, #247, #311 and #314); CAST; DES (40 bits); HMAC-MD5; MD5; Arcfour; Blowfish Multi-chip standalone "The Nokia IP350, IP355, IP380 and IP385 are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1/FW-1, these platforms provide reliable, easy to manage distributed security and access."
449	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-7134	ID-One Cosmo 64 v5 (Hardware Version: P/N: 77, Firmware Version: E302) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/28/2004; 02/25/2005; 03/01/2005; 06/29/2005; 09/23/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHA-1 (Cert. #209); RSA (FIPS 186-2, PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
448	Chunghwa Telecom Co. Ltd. Telecommunication Lab 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei Taoyuan, Taiwan 326 Republic of China -Yu-Ling Cheng TEL: +886 3 424-5883 FAX: +886 3 424-4167	SafGuard 200 HSM (Hardware Version: HSM-HW-0312.02, Firmware Version: HSM-SW-ARM-FRTO.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #224); AES (Cert. #111); SHA-1 (Cert. #201); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: RC6 Multi-chip standalone "SafGuard200 is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-4096 bit public key signatures, and hashing). The SafGuard 200 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved 3DES and AES encryption."
447	Oracle Corporation 500 Oracle Parkway Redwood Shores California, CA 94065 USA -Shaun Lee TEL: +44 1189 243860	Oracle Cryptographic Libraries for SSL 10g (9.0.4) (Software Version 10g (9.0.4)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/30/2004; 08/06/2004	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Sun Solaris Version 8 running on a Sun Ultra 60 UltraSparc workstation -FIPS-approved algorithms: Triple-DES (Cert. #170); SHA-1 (Cert. #154); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #154, vendor affirmed) -Other algorithms: DES (Cert. #215); RSA-MD5 (PKCS#1); RC4; HMAC-MD5; Diffie-Hellman (key agreement); RSA (PKCS#5) Multi-chip standalone "The Oracle Cryptographic Libraries for SSL 10g (9.0.4) is a generic module used by Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle Database Server, Oracle Applications Server, Oracle Internet Directory, Web Cache and Oracle HTTP Server. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
446	3Com Corporation 5500 Great America Parkway Santa Clara, CA 95052 USA -Rahul Jain TEL: 408-326-3518 -Annette Davis TEL: 408-326- 8954	3Com 10/100 Secure NIC (3CR990B-97) and 3Com 100 Secure Fiber NIC (3CR990B-FX-97) (Hardware Versions: 03-0229-100 and 03-0347-000, Firmware Versions: Runtime: 03.001.008, Diagnostic: 03.001.008, Sleep: 03.001.007) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #212); SHA-1 (Certs. #188 and #189); HMAC-SHA-1 (Certs. #188 and #189, vendor affirmed) -Other algorithms: DES (Cert. #234); MD5; HMAC-MD5 Multi-chip embedded "3Com® 10/100 Secure NICs offers IPSec and TCP/IP offloading, upgradability to the embedded firewall technology while also offering advanced intrusion resistance to protect your LAN, without sacrificing throughput performance. In addition, the NICs incorporate advanced server features and remote management capabilities to accelerate application response and lower IT administration time."
445	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Enterprise Server Cryptographic Kernel (Software Version: 1.0.0.2) (When operated in FIPS mode with FIPS validated Microsoft® Base Cryptographic Providers Certificates #76 or #103 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/30/2004; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP6a -FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHA-1 (Cert. #195); HMAC-SHA-1 (Cert. #195, vendor affirmed) -Other algorithms: Rijndael Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete endtoend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®"
444	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330G2 Smart Card (Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS application executable (G2 EXF) Version 22) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/30/2004; 02/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #236); DSA/SHA-1 (Cert. #35);RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip "The 330G2 is an ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials. Authentication of the cardholder and the security officer. Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
443	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 (Hardware Version: Cyberflex Access 64k v2, OS Hard Mask no01 v01 Firmware Version: OS Soft Mask no02 v03, ID Applet v1.0.0.23, PKI Applet v1.0.0.29, GC Applet v1.0.0.27, SKI Applet v1.0.0.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/23/2004; 05/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); SHA-1 (Cert. #173); RSA (PKCS#1, vendor affirmed); AES (Cert. #81) -Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed) Single-chip "ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 provides the following services: - Card Holder verification using PIN - Secure storage of data and private information - RSA based Digital Signature (1024 and 2048 bits) - DES/TDES based One Time Password (OTP) generation"
442	Vormetric, Inc. 3131 Jay Street Santa Clara, CA 95054 USA -Suhel Khan TEL: 408-961-6114 FAX: 408-844-8638 -Paulus Weemaes TEL: 408-961-6117 FAX: 408-844-8638	CoreGuard Security Server (Hardware Version: P/N 30 Release 1.0 Version 3.0, Firmware Versions: VN.3.0SP1- Build0060 and VN.3.0SP1-Build0064) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 07/27/2004; 01/27/2006	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #241); AES (Cert. #135); SHA-1 (Cert. #218); HMAC-SHA-1 (Cert. #218, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); MD5 Multi-chip standalone "Vormetric CoreGuard Security Server is a comprehensive security solution that combines protection of data at rest, application integrity and host protection. CoreGuard integrates a software module loaded on a server, and a FIPS compliant appliance with user-defined security policies allowing fine-grain data access control and selective encryption of data at rest (AES 128/256 and 3DES), application digital signatures, enforced user authentication, host protection and central management. CoreGuard installs transparently and does not require changes to applications, databases or storage architectures allowing the security to extend to any data across the enterprise."
441	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00181 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® and Pointsec® Windows Mobile Cryptographic Library (Software Version: 1.1.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004; 05/20/2008	Overall Level: 1  -EMI/EMC: Level 3 -Self-Tests: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 4.20.1081 -FIPS-approved algorithms: AES (Cert. #4); SHA-1 (Cert. #224); HMAC-SHA-1 (Cert. #224, vendor affirmed) -Other algorithms: Passphrase-based key derivation (PBKDF2 as specified in PKCS#5); AES (IWEC) Multi-chip standalone "The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Windows Mobile 2003 and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a Clanguage Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
440	Sigaba Corporation 1875 South Grant Road Suite 500 San Mateo, CA 94402 USA -Greg Desmarais TEL: 650-572-6155 FAX: 650-572-6101	Sigaba Security Library (Software Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1, Java Runtime Environment 1.4.2-b28 -FIPS-approved algorithms: Triple-DES (Cert. #94); AES (Cert. #22); SHA-1 (Cert. #78); HMAC-SHA-1 (Cert. #78, vendor affirmed); DSA (Cert. #56); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); Secure Remote Password (SRP); Extended Secure Remote Password (ESRP); Triple-DES (ECB mode); DSA (Signing and Key Generation) Multi-chip standalone "The module is a JAVA language cryptographic component to be used by the various SigabaÆs security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.4 or later."
439	Decru, A NetApp Company 275 Shoreline Drive Fourth Floor Redwood City, CA 94065 USA -Michele Borovac TEL: 650-413-6700 FAX: 650-413-6790	Decru DataFort SEP (Hardware PN/Rev 60-000109/A, Firmware PN NAS 29.4 and SAN 29.4, Software PN 23.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 06/21/2007	Overall Level: 3  -FIPS-approved algorithms: SHA-1 (Certs. #190, #191 and #192); AES (Certs. #97, #98 and #99); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #192, vendor affirmed); SHA-256 (Cert. #223); HMAC-SHA-256 (Cert. #223, vendor affirmed) -Other algorithms: Multi-chip embedded "Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
438	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2621XM and 2651XM Modular Access Routers with AIM-VPN/EP (Hardware Versions: 2621XM and 2651XM with AIM-VPN/EP Version 1.0 and Board Version B0, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/16/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26 and DSA Cert. #38); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
437	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library™ for Windows (Software Version 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/16/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP and Windows ME (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST 128; MD5; SHA-256; HMAC- MD5, HMAC-SHA-256, Diffie-Hellman (key agreement); Passphrase-based key derivation (PBKDF2 as specified in PKCS#5) Multi-chip standalone "The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 1 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 98, ME or XP operating system."
436	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5076 FAX: 613-723-5078	Chrysalis-ITS K3 Cryptographic Engine (Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/10/2004; 10/18/2004; 12/22/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 3 -Mitigation of Other Attacks: Level 3 -FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5 MAC Multi-chip embedded "The K3 Chrysalis-ITS Cryptographic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
435	SafeNet, Inc. 951 Aviation Pkwy Suite 300 Morrisville, NC 27560 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptors NRZ - H[1], NRZ - L[2], T1[3], E1 75ohm[4], E1 120ohm[5], RS-232[6], T3[7] and HSSI[8] (Hardware Versions: SE-SLE-HNxAC[1], SE-SLE-LNxAC[2], SE-SLE-1ExAB[3], SE-SLE-27xAB[4], SE-SLE-2ExAB[5], SE-SLE- LRxAB[6], SE-SLE-37xAB[7] and SE-SLE-VVxAB[8], Firmware Version: 4.01) (When operated in FIPS mode) (Note: Refer to the cryptographic module’s security policy for the details on the letter x designation) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2004; 06/10/2004	Overall Level: 2  -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ Link Encryptor's (SLE's) secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 8 Mbps, and employs FIPS approved AES or Triple-DES algorithms. The SLE can be locally controlled or managed using the SafeNet™ SafeEnterprise™ Security Management Center (SMC), an SNMP-based security management system."
434	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust TruePass™ Applet Cryptographic Module (Software Version: 7.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/27/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed) -Other algorithms: CAST 128 Multi-chip standalone "The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
433	Enterasys Networks 50 MinuteMan Rd. Andover, MA 01810 USA -Damon Hopley TEL: 978-684-1083	XSR-1805, XSR-1850 and XSR-3250 (Hoftware Version: REL 6.3, Firmware Version: REL 6.3, Hardware Version: REV 0A-G) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #48, 106 and #107); Triple-DES (Certs. #158, #218, #219 and #220); SHA-1 (Certs. #143, #197, #198 and #199); HMAC-SHA-1 (Certs. #143, #197, #198 and #199, vendor affirmed); DSA (Cert. #97); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Certs. #204, #238, #239 and #240); HMAC-MD5; MD5; MD4; 40-bit and 128-bit RC4; CAST; Blowfish; Twofish; ARCfour; Diffie-Hellman (key agreement) Multi-chip standalone "Enterasys Networks X-Pedition Security Routers (XSR), the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality."
432	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco 3220 and 3251 Mobile Access Router Cards (Hardware Version 3.2, Firmware Version 12.2(11r) YQ4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 10/01/2004; 05/24/2005	Overall Level: 1  -Cryptographic Module Specification: Level 2 -Roles, Services, and Authentication: Level -EMI/EMC: Level 2 -Design Assurance: Level 2 -Cryptographic Module Ports and Interfaces: Level 2 -Finite State Model: Level 2 -Cryptographic Key Management: Level 2 Self-Tests: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip embedded "The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
431	Gemplus Corp. Avenue du Pic de Bretagne BP 100, GTmenos Cedex 13881 France -Luc Astier TEL: +33 (0) 4 42 36 50 00	GemXpresso Pro R3 E64 PK - FIPS (GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 07/27/2004; 08/05/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed) Single-chip "GemXpresso Pro R3 E64 PK - FIPS is based on a Gemplus Open OS Smart Card with 64K of EEPROM.. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The module conforms to Java Card V2.1.1 and Global Platform V2.0.1 standards"
430	SafeNet, Inc. 951 Aviation Parkway Suite 300 Morrisville, NC 27560 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Frame Encryptor II[1] and SafeEnterprise™ Frame Encryptor HSSI[2] (SE-SFE-LixAC[1], SE-SFE-HixAC[1], and SE-SFE-VVxAC[2], Firmware Version: 5.00) (When operated in FIPS mode) (Note: Refer to the cryptographic module’s security policy for the details on the letter (i and x) designations) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/26/2004; 06/10/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through AES/TDES encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 8m Mbps and 922 active secure connections."
429	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Cisco Catalyst 6509 Switch, 7606 and 7609 Routers with VPN Services Module (Hardware Versions: 6509, 7606 and 7609, Backplane Chassis Version 3.0 (6509), 1.0 (7606) and 1.0 (7609), Supervisor Blade Version 3.2, VPN Accelerator Blade Version 1.2, Firmware Version: 12.2(14)SY3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #132, #155 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); SHA-1 (Certs. #26 and #117); HMAC-SHA-1 (Certs. #26 and #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #183, #201 and #202); DES MAC (Cert. #202, vendor affirmed); AES (Cert #46); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5 Multi-chip standalone "The Cisco Catalyst 6509 Switch, 7606 and 7609 Routers offer versatility, integration, and security to branch offices. With numerous Network Modules (NMs) available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Cisco 6509, 7606 and 7609 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
428	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206 VXR NPE-G1 Router with Single and Dual VPN Acceleration Module 2 (VAM2) (Hardware Versions: 7206 VXR NPE-G1 Version 1.1, Fab Version 05 and VAM2 Version 2.0, Board Version A0, and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #156 and #158); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #48); SHA-1 (Certs. #26 and #143); HMAC-SHA-1 (Certs. #26 and #143, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #202 and #204); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
427	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2691 and 3725 Modular Access Routers with AIM-VPN/EPII and 3745 Modular Access Router with AIM-VPN/HPII (Hardware Versions: 2691, 3725 and 3745 with AIM-VPN/EPII Version 1.0, Board Version A0 and AIM-VPN/HPII Version 1.0, Board Version A0, and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #156 and #160); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #51); SHA-1 (Certs. #26 and #144); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #202 and #206); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
426	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	1721 and 1760 Modular Access Routers with MOD1700-VPN (Hardware Versions: 1721 and 1760 with MOD1700-VPN Version 2.1, Board Version A0 and Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); DSA/SHA-1 (Cert. #38); HMAC-SHA-1 (SHA-1 Cert. #26 and DSA/SHA-1 Cert. #38, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
425	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware version: DS1955B PBO-1.00c) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed) -Other algorithms: DES (Cert. #222); Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information- Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
424	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	AirFortress® Client Cryptographic Module (Software Version: 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/06/2004; 02/07/2006; 12/20/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress(tm) Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
423	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206-VXR NPE-400 Router with VPN Acceleration Module (VAM) (Hardware Version: 7206-VXR with VAM Version 1.0 and Board Version A0, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Certs. #26 and #51); HMAC-SHA-1 (Certs. #26 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #101 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
422	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	1721, 1760, 2621XM, 2651XM, 2691, 3725 and 3745 Modular Access Routers and 7206-VXR NPE-400 Router (HW Versions: 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745 and 7206-VXR, Firmware Version: IOS 12.3(3d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/25/2004; 11/29/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES- MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
421	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco VPN 3000 Series Concentrators - 3005, 3015, 3030, 3060 and 3080 (Hardware Version: 3005, 3015, 3030, 3060 and 3080, Firmware Version: FIPS 3.6.7.F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #32 and #168); Triple-DES MAC (Certs. #32 and #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (DSA/SHA-1 Cert. #38 and SHA-1 Cert. #152, vendor affirmed); DSA/SHA-1 (Certs. #38 and #85); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #100 and #210); DES MAC (Certs. #100 and #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3000 Series Concentrators are hardware appliances that operate as concentrators in Virtual Private Networking (VPN) environments. They combine the best features of a software concentrator, including scalability and easy deployment, with the stability and independence of a hardware platform."
420	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 (Version NG with Application Intelligence) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	05/06/2004; 05/19/2004; 10/12/2005; 11/17/2005; 01/06/2006; 05/02/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 -Tested: Secure Platform Operating System version NG with Application Intelligence -FIPS-approved algorithms: AES (Cert. #88); Triple-DES (Certs. #41 and #80); SHA-1 (Certs. #42 and #69); HMAC-SHA-1 (Certs. #42 and #69, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Certs. #110 and #142); CAST 40; CAST 128; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Check Point’s VPN-1 version NG with Application Intelligence is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point’s Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
419	Blue Ridge Networks 14120 Parke Long Court Chantilly, VA 20151 USA -Tom Gilbert TEL: 703-631-0700 FAX: 703-631-9588	BorderGuard 4000 and BorderGuard 3140 (BorderGuard 4000 & 3140, Firmware Version: BG4000 DPF1 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/06/2004	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #116); Triple-DES (Certs. #227 and #228); SHS (Certs. #49 and #203); HMAC-SHS (Cert. #49, vendor affirmed) -Other algorithms: DES (Certs. #119 and #243); DES MAC (Cert. #119, vendor affirmed); Diffie-Hellman (key agreement); IDEA; MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The BG4000 and BG3140 are network security appliances for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
418	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101	ActivCard Applet v2 on Cyberflex Access 64k v1 (Firmware Versions: OS Hard Mask no5 v01 and OS Soft Mask no 4 v01 and 4v2, Applet Versions: ACA Applet v2.3.0.1, v2.3.0.4, and v2.3.0.5, ASC Library v2.3.0.1 and v2.3.0.3 and PKI/GC Applet v2.3.0.1, v2.3.1.1, and v2.3.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/19/2004; 01/13/2005; 06/06/2005; 08/22/2005; 05/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed); -Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use) Single-chip "ActivCard Applet v2 provides significant enhancement over the ActivCard v1 Applet in service, security, and flexibility. The v2 framework is backward compatible with earlier versions of ActivCard Applets and offers a more open, stable, and flexible platform for developers to build and deploy smart card applications. ActivCard Applet v2 also complies with GSC-IS 2.1 standard."
417	Encotone Ltd. Bldg. 5, Har Hotzvim Scientific Park P.O.B. 45094, Jerusalem 91450 Israel -Marc Houri TEL: +972 2586 6570 x4 FAX: +972 2581 6871 -Dr. Isaac Labaton TEL: +972 25866570 x2 FAX: +972 25816871	Tele-ID (Hardware P/N 567-2.6.6 Version 6.2, Firmware HardMask Version 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #141); ECDSA (vendor affirmed) -Other algorithms: Multi-chip standalone "The Tele-ID is a portable, phone and PC compatible signature tool able to digitally sign messages, either locally entered on the module or whose Hash value has been transmitted to the module. The digital signature is encoded to sound and, hence, can be sent through any phone, cellular or fixed, or any PC microphone. The Tele-ID has capabilities to create an ECDSA K-163 key pair and enroll the public key with most of the PKI vendors RA-CA. The Tele-ID includes an autarkic GMT Time Stamp in each digital signature to enable CRL/OCSP on-line checking, after signature execution time-stamp corroboration, and with it, to strongly enhance the legal defense of the relying party."
416	Real Time Logic, Inc. 8591 Prairie Trail Drive Suite 500 Englewood, CO 80112 USA -Bela Szabo TEL: 303-703-3834 FAX: 303-703-4058	RTL-TDEA Crypto Module (Hardware P/N RTL-P200006 Rev A Version 1.0, Firmware Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #222) -Other algorithms: Multi-chip embedded "The RTL-TDEA Crypto Module is a PCI card developed to encrypt and decrypt serial user data using Triple Data Encryption (TDEA) algorithms certified to FIPS-140-2 Level 2 security requirements. The certified TDEA algorithms include TECB, TCBC Encrypt and TCFB-64, TOFB-64, Encrypt and Decrypt. The crypto module is a multi-chip embedded short form PCI card (ISA standard) with all of the control functions and encryption algorithms implemented in firmware and hosted in an FPGA. All control of the module is via an RS-232, 9600 Baud DTE UART interface while the data is passed through dedicated RS-422 input and output ports at a rate of up to 10 Mbps."
415	Gemplus Corp. and ActivCard, Inc. Avenue du Pic de Bretagne BP 100, GTmenos Cedex 13881 France -Luc Astier TEL: +33 (0) 4 42 36 50 00 -Eric Le Saint TEL: 510-745-0100 x6211	GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 (Hardware Version: GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applet Versions: AC Applet Versions 2.3.0.1, 2.3.0.4 and 2.3.0.5, ASC Libraries 2.3.0.1 and 2.3.0.3, and PKI/GC Applet Versions 2.3.0.1, 2.3.1.1 and 2.3.1.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2004; 07/27/2004; 08/05/2004; 02/24/2005; 07/28/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed) -Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed) Single-chip "GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on latformindependent cryptographic applets suite developed by ActivCard. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The Applet incoporates some services for PKI (Public Key Infrastructure), for secure credentials management and authentication mechanisms. In addition, the Applet suite allows the registration and management of post-issuance applets that can be handled under the framework. The module conforms to Java Card V2.1.1, Global Platform V2.0.1, and GSC/IS 2.1 standards."
414	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N92i/152 Secure Metering Module (SMM) (Hardware P/N 3000186T Version A, Firmware Versions 3800157W E24 (Main) and 3800159Y E (Coprocessor)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 10/03/2006	Overall Level: 3  -Self-Tests: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #39) -Other algorithms: Multi-chip embedded "The module provides services to an office and post room based mailing system. The system's features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
413	Good Technology, Inc. 1032 Morse Ave Sunnyvale, CA 94089 USA -Phil Peterson TEL: 408-400-4800	FIPSCrypto on Palm (Software Version 20031028) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Palm OS Version 5 -FIPS-approved algorithms: AES (Cert. #108); Triple-DES (Cert. #221); SHA-1 (Cert. #200); HMAC-SHA-1 (Cert. #200, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto on Palm is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
412	Good Technology, Inc. 1032 Morse Ave Sunnyvale, CA 94089 USA -Phil Peterson TEL: 408-400-4800	FIPSCrypto on G100 (Version 1.9.3.7) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with eCos Version 1.3.1 Operating System -FIPS-approved algorithms: AES (Cert. #95); Triple-DES (Cert. #209); SHA-1 (Cert. #185); HMAC-SHA-1 (Cert. #185, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto on G100 is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
411	ECI Systems & Engineering 3100 Knight Street Suite 7 Shreveport, LA 71105 USA -Mac McGregor TEL: 318-868-4911	ECI IPSec Cryptographic Module (Software Versions 1.6-FIPS-1, 1.8, 1.9 and 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004; 11/08/2004; 04/27/2005; 09/07/2005	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 running on an Intel Pentium III -FIPS-approved algorithms: Triple-DES (Cert. #186); SHA-1 (Cert. #168); HMAC-SHA-1 (Cert. #168, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement); MD5; HMAC MD5; CAST; RSA (PKCS#1, non-compliant); DSA (non-compliant) Multi-chip standalone "A software IPSec implementation for Sun Trusted Solaris. This module supports Triple DES encryption/decryption, SHA-1, and HMAC-SHA-1."
410	Airespace, Inc. 110 Nortech Pkwy San Jose, CA 95134 USA -Scott Kelly TEL: 408-635-2000 FAX: 408-635-2020	Airespace Cryptographic Manager (ACM) (Hardware P/Ns AS-4101- X0S00, AS-4012- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), AS-4024- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), Hardware Versions 1.0 and 2.0, Firmware Version 1.2.77.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 06/16/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #196 and #197); AES (Certs. #85 and #86); SHA-1 (Certs. #174 and #175); HMAC-SHA-1 (Certs. #174 and #175, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Airespace Cryptographic Manager (ACM) provides cryptographic services for the Airespace Wireless Enterprise Platform. Airespace offers a unique hierarchical architecture that centralizes network intelligence for cost effective deployment, dynamic RF operations, secure mobility management, service creation, and policy enforcement throughout an entire wireless network."
409	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-838-1211 FAX: 512-838-1032	IBM® Java JSSE FIPS 140-2 Cryptographic Module (Software Version 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OSV1R4 (JVM 1.4.1) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement) Multi-chip standalone "The IBM+ Java+ JSSE (Java Secure Sockets Extension) FIPS provider (IBMJSSEFIPS) for Multi-platforms is a scalable, multi-purpose Secure Sockets provider that supports only FIPS approved TLS cipher suites via the Java2 Application Programming Interfaces (APIs)."
408	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry™ 5810 and BlackBerry™ 5820 (Hardware Version: 1.0, Software Version: 3.6.0.49, S/MIME Support Package Version 1.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/05/2004; 08/24/2005	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #200); AES (Cert. #83); DSA (Cert. #93); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #200, vendor affirmed); RSA (PKCS#1 and FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #228); DES MAC (Cert. #228, vendor affirmed); RC2; RC5; Skipjack; CAST5-128; Rijndael; ARC FOUR; KEA; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ECNR; ElGamal; SHA-256; SHA-384; SHA-512; HMAC (SHA-256, SHA-384, SHA-512, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160); MAC (AES, CAST5-128, RC2, RC5, Skipjack); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
407	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco Software VPN Client (Software Version 3.6.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/29/2004; 04/07/2004; 05/24/2005; 04/09/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #169); AES (Cert. #58); SHA-1 (Cert. #153); HMAC-SHA-1 (Cert. #153, vendor affirmed); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #169, vendor affirmed) -Other algorithms: DES (Cert. #212); DES MAC (Cert. #212, vendor affirmed); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The Cisco Software VPN client for Window OS is an award winning IPsec VPN client which is available free of charge for use across all termination products. It is the most advanced VPN client available and enables secure Remote Access connectivity to employees and partners. The Cisco Software VPN Client is also a key part of the industries best load balancing, fail-over and recovery strategy."
406	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM® SSLite for Java (Software Version 3.15.3232 and 3.16 (FIPS140/Prod)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 02/24/2005	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP 3 (JRE 1.3.1_03), Red Hat Linux 8.0 (JRE 1.3.1_07) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement) Multi-chip standalone "SSLite is a SSL (Secure Socket Layer) V2.0, V3.0 and TLS (Transport Layer Security) V1.0 protocol implementation including PKI (Public Key Infrastructure) functionality, in Java."
405	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [SP1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 10/07/2005; 10/25/2005; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64, and IA64) [2] (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2]) -Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant) Multi-chip standalone "Microsoft Corporation’s Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
404	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER	nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8] (Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
403	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield F3 SCSI Ultrasign 32[3], payShield[4], and payShield Ultra[5] (Hardware Versions: nC4032W-150[1], nC4032W-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DR, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
402	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5] (Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
401	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5] (Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
400	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI[1] and nForce 300 PCI[2] (Hardware Versions: nC3022P-150[1] and nC3022P-300[2], Build Standard E, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
399	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI[1] and nForce 400 SCSI[2] (Hardware Versions: nC3022W-150[1] and nC3022W-400[2], Build Standard D, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging"
398	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI[1] and nShield F2 PCI[2] Ultrasign (Hardware Versions: nC4022P-150[1] and nC4022P-300[2], Build Standard ER, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
397	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI[1] and nShield F2 SCSI Ultrasign[2] (Hardware Versions: nC4022W-150[1] and nC4022W-400[2], Build Standard DR, Firmware Version: 2.12.9-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Cryptographic Key Management: Level 3 -Self-Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD- 160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
396	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8] (Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
395	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield SCSI Ultrasign 32[3], payShield SCSI[4], and payShield Ultra[5] (Hardware Versions: nC4032W-150[1], nC4032w-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DP, Firmware Version: 2.12.9-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/18/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
394	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer’s Kit (PGP SDK) (Software Version 3.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/18/2004; 05/08/2007; 03/07/2008; 07/28/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP SP1 -FIPS-approved algorithms: Triple-DES (Cert. #207); AES (Cert. #93); DSA (Cert. #96); SHA-1 (Cert. #183); HMAC-SHA-1 (Cert. #183, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: CAST-5; IDEA; Twofish; SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5; RIPEMD-60; ElGamal; Shamir Treshold Secret Sharing Multi-chip standalone "The PGP SDK includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers the same core crypto that is at the heart of PGP products."
393	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Versions 3.18, 3.18.1 and 3.18.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004; 10/19/2004; 09/14/2006; 10/03/2006	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX400 running Windows 2000 Professional, Server and Advanced Server with SP3 and Q326886 Hotfix (EAL 4 augmented configuration) -FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed) -Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPEMD-128; RIPEMD-160 Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
392	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	CGX Cryptographic Module (Software Version 3.18) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004; 10/19/2004	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with MS Windows 9x, 2000 NT 4.0, XP (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed) -Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPMD-128; RIPMD-160 Multi-chip standalone "Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
391	F-Secure Corporation Tammasaarenkatu 7 PL 24, Helsinki 00181 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure® Cryptographic Library™ for Windows (Software Version 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/10/2004	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows 2000 with Service Pack 3 and Q326886 Hotfix EAL 4 certified on Dell Optiplex GX 400 Personal Computer System -FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST-128; MD5; SHA-256; HMAC-MD5; HMAC-SHA-256; Diffie-Hellman (key agreement); Passphrase-Based Key Derivation (PBKDF2 as specified in PKCS#5) Multi-chip standalone "The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 2 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 2000 with service pack 3 and Q326886 Hotfix operating system."
390	General Dynamics Decision Systems 8201 East McDowell Road Scottsdale, AZ 85252 USA -Dick Moat TEL: 480-441-6863 FAX: 480-441-8500	Assembly Crypto Module (ACM) and Flight Crypto Module (FCM) (ACM: HW P/N 01- P35200T004 Version E001, FW Revisions C and D, FCM: HW P/N 01-P35390T003 Version 001, FW Revisions C and D) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/08/2004; 11/03/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #184) -Other algorithms: Multi-chip standalone "The ACM and FCM are multi-chip standalone cryptographic modules designed to meet the Level 2 security requirements as defined in FIPS PUB 140-2. ACM and FCM perform the Triple-DES algorithm."
389	Network Security Technology (NST) Co. 11 F, No 190, Jung-Jeng Rd. Shindian City, Taipei County, Taiwan 231 Republic of China -Ming-Chih Tsai TEL: +886-2-8911-1099 FAX: +886-2-8911-1098	NST Security CryptoCard 2200(CC2200) (Hardware Version 1.0, Firmware Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/05/2004; 04/09/2004; 10/01/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #52); SHA-1 (Cert. #48); RSA (FIPS 186-2, vendor affirmed); Triple-DES DAC (Cert. #52, vendor affirmed) -Other algorithms: DES (Cert. #117); DES DAC (Cert. #117, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "NST CC2200, a security cryptographic card with PCI bus interface, is a “multi-chip embedded cryptographic module” that provides hardware cryptographic services to users, groups or processes. The NST Security CryptoCard provides hardware cryptographic services such as acceleration for bulk data encryption / decryption, digital signature generation / verification, secure key storage and key management functions to its users."
388	Cisco Systems, Inc. 7025 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	Cisco VPN 3002 and 3002-8E Hardware Clients (Hardware Versions: 3002 and 3002-8E, Firmware Version: FIPS 3.6.7.F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/23/2004; 02/27/2004; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #168); Triple-DES MAC (Cert. #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (Cert. #152, vendor affirmed); DSA (Cert. #85); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #210); DES MAC (Cert. #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
387	Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 USA -Javier Lorenzo TEL: 858-625-5020 -Irfan Khan TEL: 510-936-4840	Sun Cryptographic Accelerator 4000 (Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber) and 501-6039-05 and 501-6039-06 (UTP/Copper), Firmware Version: 1.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/23/2004; 04/05/2004; 04/27/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92) and RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #225); MD5; HMAC-MD5 Multi-chip embedded "The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
386	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	AirFortress™ Wireless Security Gateway Cryptographic Module (Firmware version 2.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/19/2004; 04/29/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Tested: Fortress interface and Shell (FISH) Version 2.4 -FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
385	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	SafeNet HighAssurance 500/1000 Gateway Cryptographic Module (Firmware Versions 5.01 and 7.0.1, Hardware Versions SE-HA500-01 and SE-HA1000-01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/19/2004; 10/19/2004; 06/06/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #96); Triple-DES (Cert. #210); SHA-1 (Cert. #187); HMAC-SHA-1 (Cert. #187, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #233); HMAC-MD5, Diffie-Hellman (key agreement); DSA (non-compliant) Multi-chip standalone "The SafeNet HA500/1000 Gateway is a high-performance, standards-based hardware Virtual Private Network (VPN) and firewall. Providing a high speed, low cost solution, it features the strongest cryptography available and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA500/1000 that allows encryption using either AES, DES, or triple-DES as nIeeded by client applications."
384	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (ICC) (Software Versions: 1.1, 1.2, 1.2.1 and 1.2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 04/27/2004; 12/02/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Solaris 5.8, AIX 5.2, Windows 2000 Professional and Advanced Server, SUSE Linux Enterprise Server 8 (x86 and PowerPC), RedHat Linux Advanced Server 2.1 (x86), z/Linux 2.4, and HPUX 11i (all in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed, non-compliant); RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; DSA (non-compliant); Diffie-Hellman (key agreement) Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
383	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access 64K v2 Cryptographic Module (Hardware P/N M512LACC2, Firmware Versions: a: HardMask 1v1 and SoftMask 2v1, b: HardMask 1v1 and SoftMask 2v3, c: HardMask 1v2 and SoftMask 1v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 07/27/2004; 09/21/2004; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); AES (Cert. #81); SHA-1 (Cert. #173); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed); Single-chip "The Cyberflex Access 64K v2 Cryptographic Module serves as a highly portable PKI and digital signature secure token for enhancing the security of network access and ensuring secure electronic communications. It supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1’. The Cyberflex Access 64K v2 Cryptographic Module is part of a range of Schlumberger highly secure, Java-based cryptographic modules for physical and logical access, e-transactions and other applications."
382	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 10/07/2005; 10/25/2005; 10/15/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003[1] and Windows Server 2003 Service Pack 1[2] (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Cert. #80[1] and #290[2]); SHS(Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2]) -Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5 Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
381	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/17/2004; 10/25/2005; 10/15/2007	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64 and IA64) [2] (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81) -Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40 Multi-chip standalone "The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, softwarebased, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, DSA and Diffie- Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
380	ActivCard, Inc., Atmel, Inc. and MartSoft, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-745-6211 FAX: 510-574-0101 -Paul Chen TEL: 408-737-3380 x1202	Eagle 64K Flash Module v1 (Hardware AT90SC6464C-Pro, Firmware OS v09FA, ID applet v1.0.0.14, PKI applet v1.0.0.14, GC applet v1.0.0.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 05/26/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #182); Triple-DES MAC (Cert. #182, vendor affirmed); SHA-1 (Cert. #166); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Single-chip "Eagle 64K Flash Module v1 is based on Atmel Secure IC, MartSoft Global Platform Java Card OS and ActivCard Applet Suite. When the module is placed in a plastic smart card housing, it is ideal for secure identification, digital signature, storing and updating account information, personal data, and even monetary value, with increased security, portability and convenience to computer applications. The external interface provided by the applet suite is compliant with the smart card interoperability specification GSC-IS defined by GSA."
379	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis -Simon McCormack TEL: 978-288-8592	Contivity® 600, 1700 and 2700 Secure IP Services Gateways (Firmware Version V04_75.183, Hardware Version 600, 1700 and 2700) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/17/2004; 09/21/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #183 and #29); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC MD5 Multi-chip standalone "The FIPS 140-2 Level 2 compliant Contivity 600, 1700 and 2700 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 600, 1700 and 2700 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
378	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Adam Bell TEL: 410-931-7500 FAX: 410-931-7524	HighAssurance 2000 Gateway (Firmware Versions 6.00, 6.10, 6.20 and 6.21, Hardware SE-HA2000) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/12/2004; 02/20/2004; 03/17/2004; 10/19/2004; 06/06/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); HMAC-SHA-1 (Cert. #5, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #104); DES-MAC; HMAC-MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet HA2000 is a high-performance, standards-based hardware Virtual Private Network (VPN). Providing a high speed, low cost solution, it features strong security and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA2000 that allow high speed encryption with Data Encryption Standard (DES) and triple-DES. DES is included for legacy systems."
377	ReefEdge, Inc. 2 Executive Dr. Fort Lee, NJ 07024 USA -Silvia Ercolani TEL: 201-242-9700 FAX: 201-242-9760	Edge Controller 200 (Software Version 3.1.3a, Hardware Version 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/30/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #171, #172 and #173); SHA-1 (Certs. #155, #156 and #157); HMAC-SHA- 1 (Certs. #155, #156 and #157, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: RC4; MD5; HMAC-MD5 Multi-chip standalone "The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
376	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-436-1223 -512-436-8009	IBM Java JCE 140-2 Cryptographic Module (Software Version 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	01/30/2004; 04/05/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OS V1R4 (JVM 1.4.1) (all in single user mode) -FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #91); SHA-1 (Cert. #170); HMAC-SHA-1 (Cert. #170, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #224); Diffie-Hellman (key agreement) Multi-chip standalone "The IBM« Java« JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multi-purpose cryptographic module that supports only FIPS approved cryptographic operations via the Java2 Application Programming Interfaces (APIs)."
375	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5076 FAX: 613-723-5078	Chrysalis-ITS K3 Cryptographic Engine (Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/30/2004; 10/18/2004; 12/22/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA- 1 (Cert. #64); RSA (FIPS 186-2, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SEED; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5-MAC Multi-chip embedded "The K3 Chrysalis-ITS Cryptgraphic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
374	E.F. Johnson Co. 123 N. State St. Waseca, MN 56093 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Subscriber Encryption Module (SEM) (Hardware P/N-Versions 023-5000-980 and 023-5000-982, Firmware Version 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/23/2004; 05/05/2005	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #73); DSA (Cert. #89); SHA-1 (Cert. #165); HMAC-SHA-1 (Cert. #165, vendor affirmed) -Other algorithms: DES (Cert. #221); SecureNet DES 1 bit with differential encoding and decoding Multi-chip embedded "The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirement. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
373	CipherOptics Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Dennis Toothman - CipherOptics Inc. TEL: 919-865-0661 FAX: 919-865-0679 -George L. Heron - SafeNet, Inc. TEL: 410-933-5883 FAX: 410-931-7524	CipherOptics Security Gateway SafeNet HighAssurance 4000 Gateway (Hardware Version: SG1000, Firmware Versions: 1.2.1 and 1.3 and Hardware Version: SG1001, Firmware Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/15/2004; 02/27/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #155); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #201); Diffie-Hellman (key agreement); MD5; HMAC-MD5 Multi-chip standalone "The CipherOptics Security Gateway and the SafeNet High Assurance 4000 Gateway (aka the SafeNet HA 4000), which is the OEM version of the CipherOptics Security Gateway; is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
372	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	STARCOS SPK 2.4 CHIP (Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2003; 03/19/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
371	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129	STARCOS SPK 2.4 in ID-1 Module (Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2003; 03/19/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
370	SSH Communications Security Corp. Valimotie 17 Helsinki, 00380 Finland -Nicolas Gabriel-Robez TEL: +358 20 500 7455 FAX: +358 20 500 7001	SSH Cryptographic Library (Software Version 1.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2003; 09/03/2004; 09/21/2004: 03/03/2006; 03/06/2007	Overall Level: 1  -EMI/EMC: Level 3 -Self-Tests: Level 4 -Operational Environment: Tested as meeting Level 1 with Windows XP, Solaris 8, AIX 4.3.3, HP-UX 11i (single user mode) -FIPS-approved algorithms: AES (Cert. #52); Triple-DES (Cert. #162); DSA (Cert. #82); RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #145); HMAC-SHA-1 (Cert. #145, vendor affirmed) -Other algorithms: DES (Cert. #207); MD5; SHA-256; HMAC-MD5; HMAC-SHA-1 96; CAST-128; Blowfish; Twofish; Arcfour; Diffie-Hellman (key agreement) Multi-chip standalone "The SSH Cryptographic Library is a standards-based shared library providing FIPS 140-2 certified cryptographic services for SSH Communications Security's security products. The library provides a rich API and a comprehensive set of state-of-the-art algorithms including AES, 3DES, SHA-1, HMAC, RSA and DSA."
369	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta CSI sToken (Software Versions 4.2.2.0 and 4.2.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2003; 10/14/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurace: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 -FIPS-approved algorithms: Skipjack (Cert. #12); DSA (Cert. #87); SHA-1 (Cert. #162) -Other algorithms: DES (Cert #78); DES MAC (Cert #78, vendor affirmed); RC2; RSA (non-compliant); MD5; HMAC-SHA-1 (Cert #162, vendor-affirmed); KEA (key agreement); Triple-DES (Cert #179, non-compliant) Multi-chip standalone "The Rosetta CSI sToken is a software cryptographic token providing digital signature and encryption services in a PC environment. The Rosetta sToken provides for ease of use, deployment and the assurance provided through independent third party security validation."
368	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Authority™ Security Toolkit for C++ (Software Version 6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/16/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP, SP1a; Windows 2000, SP3; and Windows NT 4.0, SP 6a (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Cert. #6, vendor affirmed); AES (Cert #59); DSA/SHA-1 (Cert #10); HMAC-SHA-1 (Cert #10, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
367	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-010F Cryptographic Client Software and 3e-010F-C Cryptographic Client Software for Intel® PRO/Wireless 2200BG Network Connection and Intel® PRO/Wireless 2915ABG Network Connection (3e-010f: Software Versions 2.0, 2.01, and 2.04, and 3e-010F-C: Version 1.0 Build 14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/16/2003; 01/20/2004; 01/29/2004; 05/25/2004; 05/27/2004 11/04/2004 11/18/2004	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT 4.0 with Service Pack 6, Windows CE 3.0, and PocketPC 2003 (single user mode) -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendlor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "The 3e-010f Crypto Client Software provides advanced wireless RF data security with AES/3DES encryption plus Dynamic Key generation plus session protection. The advanced security options include the standards as established by FIPS-140-2 -- the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments."
366	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Stefan Backstrom TEL: 434-455-6600 FAX: 434-455-6851	EDACS ProVoice Orion System/Scan Mobile Two-Way FM Radios 806 - 870 MHz (Hardware Version No's. D28LPXE and D28MPXE, Firmware Version No. LZY213773/91 Rev 43A) Revoked DES Transition Ended Security Policy Certificate	Hardware	12/16/2003; 01/23/2004	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #218) Multi-chip standalone "The EDACS ProVoice Orion Mobile with FIPS 140-2 security level 1 validation provides digital voice for conventional and trunked communication environments. The Orion also allows for system and scan front mounting."
365	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	Neopostage PSD Module (Hardware P/N 04K9131, Software Version 1.0.0.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/16/2003; 10/03/2006	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Certs. #68 and #84); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #178); Multi-chip embedded "The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters."
364	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-C ME Toolkit (Software 1.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/09/2003; 04/07/2004; 10/01/2004; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode) -FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
363	IBM® Corporation Saeumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osborne TEL: +41 1 724 8458	JCOP21id 32K (Hardware version: P8WE5033AEV/034188i, Firmware version: Mask 20, Applet Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/26/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.# 150); AES (Cert. # 44); SHA-1 (Cert.# 135); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert.#150, vendor affirmed) -Other algorithms: DES (Cert.# 197); DES MAC (Cert. #197, vendor affirmed); AES MAC Single-chip "The JCOP21id is IBM's multi-application smart card, designed to the Java Card v2.1.1 and Global Platform v2.0.1 specifications. The smart card features IBM's PKCS#15 applet which provides standardized high-level security services including, 2048 bit key generation, DES, 3DES, SHA-1, RSA and AES. Additional features include biometric extensions as defined by the Java Card Forum and DAP/mandated DAP security for post issuance applets."
362	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Darren Dupre TEL: 781-515-5000 FAX: 781-515-5010	RSA Applets on the Schlumberger Cyberflex Access 64k Platform (Hardware P/N M512LACC1, Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed) Single-chip "The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications."
361	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder Germany -Dirk Rosenau TEL: +49 3303 525 616 FAX: +49 3303 525 609	Revenector (Hardware P/N 58.0036.0001.00/05 and 58.0036.0006.00/02, Firmware Version 3.22) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 3  -FIPS-approved algorithms: RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. # 158) -Other algorithms: N/A Multi-chip embedded "Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
360	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Versions: 3.6.1, 3.7, and 3.7.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	11/20/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Design Assurance: Level 3 -Self Tests: Level 4 -Tested: BlackBerry® 5810 with the BlackBerry® OS, Version 3.6.1, 3.7 and 3.7.1 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
359	Mitsubishi Electric Corporation 5-1-1 Ofuna Kamakura, 247-8501 Japan -Tetsuo Nakakawaji TEL: +81 0467 41 2186	TurboMISTY (Firmware v2.1.3, Hardware v1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/20/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. # 131); SHA-1 (Cert. #116); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #182); MD5; MISTY1 Multi-chip embedded "PCI Encryption Accelerator Card"
358	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7389	AirFortress™ Client Cryptographic Module (Version 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	11/20/2003	Overall Level: 1  -Software Security: Level 3 -Roles and Services: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd edition, Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); AES (Cert. #14); HMAC-SHA-1 (Cert. #34, vendor affirmed) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement) Multi-chip standalone "The AirFortress(tm) Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
357	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry® Cryptographic Kernel (Firmware Version: 3.6) Validated to FIPS 140-2 Security Policy Certificate	Firmware	11/20/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Self Tests: Level 4 -Design Assurance: Level 3 -Tested: BlackBerry® 5810 with BlackBerry® OS, Version 3.6.0 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
356	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osoborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM® CryptoLite in C (Software Version 3.0 (FIPS 140/Prod)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/20/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with SP3; Red Hat Linux 8.0 (single user mode) -FIPS-approved algorithms: SHA-1 (Cert. #163); Triple-DES (Cert. #180); AES (Cert. #70); DSA (Cert. #88); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #163, vendor affirmed) -Other algorithms: DES (Cert. #220); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2; MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement) Multi-chip standalone "IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
355	3e Technologies International, Inc. 700 King Farm Blvd. Suite 600 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1403	3e-521NP, 3e-522FIPS and 3e-530NP Wireless Gateways (Hardware P/Ns 3e-521NP, 3e-522FIPS and 3e-530NP, Firmware Version 2.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/27/2003	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed) -Other algorithms: RSA (PKCS#1, decryption, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip standalone "The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface."
354	IBM® Corporation Seaumerstrasse 4 Rueschlikon, CH 8803 Switzerland -Michael Osoborne TEL: +41 1 724 8458 FAX: +41 1 724 8953	IBM CryptoLite in Java (Software Version 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with service pack 3 (JRE 1.3.1_03), Sun Solaris 5.8 (JRE 1.3.1), AIX 5.2 (JRE 1.3.1) (single user mode) -FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert.#53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1(Cert. #148, vendor affirmed) -Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2, MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "IBM CryptoLite is a 100% Java software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance. It runs on JDK 1.1 or higher."
353	Fortress Technologies, Inc. 4025 Tampa Rd. Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	NetFortress™ Cryptographic Kernel (Standard Mode and Segemented Mode, Software Version 4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/27/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA Multi-chip standalone "The NetFortress™ Cryptographic Kernel secures private communications among corporate divisions, branch offices, and mobile users. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the NF Crypto Kernel provides encryption, data integrity checking, authentication, access control, data compression, and firewall capabilities; it is IPSec compliant."
352	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	NSD Postage Meter (Versions (Hardware #4127906B-A, Software 10.2), (Hardware #4127906B-B, Software 10.2) and (Hardware #4127907C-A, Software 30.11, 30.13, 30.15 and 30.21)) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/21/2003; 08/06/2004; 08/09/2004; 08/11/2004; 10/06/2004; 04/27/2005; 10/18/2005; 10/03/2006	Overall Level: 2  -Physical Security: Level 3 +EFT -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #119); SHA-1 (Cert. #41); DSA (Cert. #61); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #119, vendor affirmed) -Other algorithms: N/A Multi-chip embedded "The NSD module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes w/ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
351	Certicom Corp. Certicom Corporate Headquarters 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -CerticomEastern US Sales Office TEL: 571-203-0700 FAX: 571-203-9653	Security Builder® Government Solutions Edition (SBGSE) (Version 1) (When operated in FIPS mode - for Palm) Validated to FIPS 140-2 Security Policy Certificate	Software	10/10/2003; 10/17/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Palm OS 4.1 -FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1(Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed) -Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5 Multi-chip standalone "Security Builder GSE is a standards based cryptographic toolkit that provides application developers with sophistocated tools to flexibly integrate encryption, digital signatures and other security mechanisms into their applications. Security Builder provides the cryptographic core for Certicom's products, including movianCrypt, MovianVPN, SSL and wTLS Plus, and Trustpoint PKI products."
350	IBM® Corporation IBM/Tivoli PO Box 3499 Australia Fair Southport, Queensland 4215 Australia -Mike Thomas TEL: +61 7 5552 4030 FAX: +61 7 5571 0420 -Peter Waltenberg TEL: +61 7 5552 4016 FAX: +61 7 5571 0420	IBM® Crypto for C (ICC) (Software Version 0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/03/2003; 08/23/2004; 12/02/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with SUN Solaris 5.8, AIX 5.2 and Windows 2000 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed, non-compliant); RC2; RC2-40; RC2-64; RC4; Blowfish; CAST; RSA (encryption/decryption); MD2; MD4; MD5; RIPEMD; HMAC-MD5 Multi-chip standalone "The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
349	Colubris Networks Inc. 420 Armand-Frappier Suite 200 Laval, Quebec H7V 4B4 Canada -Stephane Laroche TEL: 450-680-1661 x123 FAX: 450-680-1910	Colubris CN1050 and CN1054 Wireless LAN Routers (Hardware Versions CN1050 and CN1054; Firmware Version 1.24-01-1736) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/03/2003	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Certs. #149, #150; #151); HMAC-SHA-1 (Certs. #149, #150; #151, vendor affirmed); Triple-DES (Certs. #164, #165; #166); AES (Certs. #54 and #55); RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #209); MD4; MD5; HMAC-MD5; SHA-2; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Colubris CN105x Secure Wireless LAN Router enables strong security for wireless enterprise networking, using embedded IPSec VPN and firewall functionalities."
348	Francotyp-Postalia Francotyp-Postalia AG & Co. KG Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49 3303 525 616 FAX: +49 3303 525 609	Postal Revenector (Hardware P/N Version 58.0036.0001.00/05, Firmware P/N Version 90.0036.0006.00/02) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/25/2003	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #39); SHA-1 (Cert. #43); RSA (PKCS #1, vendor affirmed); ECDSA (FIPS 186-2, vendor affirmed); HMAC-SHA-1 (Cert. #43, vendor affirmed) -Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia’s mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP)."
347	Information Security Corporation 1141 Lake Cook Road Suite D Deerfield, IL 60015 USA -Michael J. Markowitz TEL: 847-405- 0500	ISC Cryptographic Development Kit (CDK) V7.0 (Version 7.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	09/24/2003	Overall Level: 1  -EMI/EMC: Level 3 -Software Security: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #115); DSA (Cert. #65); AES (Cert. #9); Skipjack (Cert. #9); SHA-1 (Cert. #100); HMAC-SHA-1 (Cert. #100, vendor affirmed); ECDSA (vendor affirmed); RSA (PDCS#1, vendor affirmed) -Other algorithms: DES (Cert. #171); MD2; MD5; RC2; RC4; DESX; ElGamal; EC EIGamal; HMAC-MD5; SHA-256; SHA-384; SHA-512 Multi-chip standalone "A software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."
346	IBM® Corporation 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	Security Module with CP/Q++ (Hardware: P/N 04K9036, EC CF75600M, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/24/2003	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796) Multi-chip embedded "The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure-storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
345	IBM® Corporation 2455 South Road / P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	Security Module with CP/Q++ (Hardware: P/N 04K9131, EC F 72272D, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/24/2003	Overall Level: 3  -Physical Security: Level 4 -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796) Multi-chip embedded "The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure- storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
344	Stonesoft, Inc. 115 Perimeter Center Place Suite 1000 Atlanta, GA 30346 USA -Klaus Majewski TEL: 678-259-3411 FAX: 770-668-1131	StoneGate High Availability Firewall and VPN (Version 2.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	09/16/2003; 10/07/2003; 04/29/2004	Overall Level: 1  -Tested: Debian GNU/Linux Version 3.0 -FIPS-approved algorithms: Triple-DES (Certs. #145, #146; #147); AES (Certs. #39 and #40); DSA (Certs. #77 and #78); SHA-1 (Certs. #131 and #132); HMAC-SHA-1 (Cert. #132, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #194); Blowfish; Twofish; CAST-128; SHA-256 (vendor affirmed, non-compliant); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "StoneGate is a firewall and VPN software solution. It features clustering, load balancing between multiple ISPs, encrypted VPN client connectivity and advanced central administration tools."
343	Wei Dai 13440 SE 24th Street Bellevue, WA 98005 USA -Wei Dai TEL: 425-562-9677	Crypto++ Library (Version 5.0.4) Validated to FIPS 140-2 Security Policy Certificate	Software	09/05/2003; 10/28/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional Operating System, Service Pack 1 (single user mode) -FIPS-approved algorithms: AES (Cert. #87); Triple-DES (Cert. #198); Skipjack (Cert. #13); DSA (Cert. #79); SHA-1 (Cert. #134); HMAC-SHA-1 (Cert. #134, vendor affirmed); Triple-DES MAC (Cert. #198, vendor affirmed); ECDSA (vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
342	Eracom Technologies Australia, Pty. Ltd. 28 Greg Chappell Drive Burleigh Heads, QLD 4220 Australia -Gerry Scott TEL: 916-677-2450 FAX: 916-677-2460	ProtectHost Orange Hardware Security Module and ProtectHost Orange Hardware Security Module with ORGA FM (Hardware Revision A, Firmware Version 1.34.00, Software Version 1.01.11, ORGA FM Version 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2003; 09/24/2003; 10/18/2005	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #37); Triple-DES (Cert. #63); DSA (Cert. #47); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #55); RSA (PKCS#1 and ANSI X9.31, vendor affirmed); SHA-1 (Cert. #55); Triple-DES MAC (Cert. #63, vendor affirmed) -Other algorithms: DES (Cert. #124); DES MAC (Cert. #124, vendor affirmed); Diffie-Hellman (key agreement); CAST 128; IDEA; MD2; MD5; HMAC-MD5; RC2; RC4; RIPEMD-128; RIPEMD-160; HMAC-RIPEMD-128; HMAC-RIPEMD-160; CAST MAC; IDEA MAC; RC2 MAC; RC4 MAC Multi-chip standalone "The Eracom protecthost orange is an advanced Hardware Security Module (HSM) offering high speed cryptographic processing and key management. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
341	ReefEdge, Inc. 2 Executive Dr. Fort Lee, NJ 07024 USA -Silvia Ercolani TEL: 201-242-9700 FAX: 201-242-9760	Edge Controller 100x (Software v3.1.3, Hardware v3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/29/2003	Overall Level: 2  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #171, #172; #173); SHA-1 (Certs. #155, #156; #157); HMAC-SHA-1 (Certs. #155, #156; #157, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: RC4; MD5; HMAC-MD5 Multi-chip standalone "The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
340	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-962-6248	Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX (Hardware P/N 103-500000-00/101-500040-00 Rev E/Rev C, Firmware Version 4.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/29/2003; 04/25/2007	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text."
339	AKCode, LLC. 13130 Roundup Ave. San Diego, CA 92129 USA -Robert Spraggs TEL: 250-542-0112 FAX: 250-549-3751	Anonymous Key Technology-C++ and Java Suite (Software Versions 1.0.0 and 1.0.2) Validated to FIPS 140-2 Security Policy Certificate	Software	07/31/2003; 10/06/2003; 07/28/2005; 08/24/2005	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2000, XP, and NT 4.00; SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode -FIPS-approved algorithms: AES (Certs. #38 and #47); SHA-1 (Certs. #128 and #142); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed) -Other algorithms: PPP (key transport) Multi-chip standalone "Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, CAC cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows CE, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI."
338	Axalto Inc. 8311 North FM 620 Rd. Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access e-gate 32K (Hardware P/N M256LCAEG1, Firmware Version HardMask 2v2, SoftMask 3v1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 09/21/2004; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #143); Triple-DES MAC (Cert. #143, vendor affirmed); SHA-1 (Cert. #129); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #192); DES MAC (Cert. #192, vendor affirmed); Single-chip "Cybeflex Access e-gate 32K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications, supporting on-card DES (used only for legacy systems) and RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB). The Cyberflex Access e-gate 32K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
337	Phaos Technology Corporation 520 Madison Avenue 30th Floor New York, NY 10022 USA -Darren Calman TEL: 212-508-7700	Phaos Crypto (Software Versions 3.0 and 3.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/07/2003; 04/30/2004; 08/23/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Window 2000 (Single User mode), Sun Java 2 Runtime Environment (V1.3.1) -FIPS-approved algorithms: AES (Cert. #42); Triple-DES (Cert. #148); SHA-1 (Cert. #138); HMAC-SHA-1 (Cert. #138, vendor affirmed); RSA (PKCS#1, vendor affirmed); DSA (Cert. #81); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #195); RC2; RC4; Blowfish; MD2; MD4; MD5; SHA-2; RSA (encryption/decryption); Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement) Multi-chip standalone "Phaos Crypto provides a state-of-the-art set of core cryptography algorithms in Java. It includes a comprehensive cryptographic library supporting the most current algorithms like AES, RSA-OAEP, SHA- 256/384/512, X.9-42 as well as legacy algorithms that are still used in corporate systems like 3DES, DES, MD2 etc.. Phaos Crypto allows developers to integrate cryptography into any Java application or applet. For high security deployments, Phaos Crypto provides transparent migration to cryptographic hardware without requiring any changes to existing applications."
336	Motorola, Inc. 8220 E Roosevelt St. Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Digital Interface Unit Crypto Module (DIU CM) (Hardware P/N T6721A Version CLN7611C, Firmware Versions R82.00.02 and R82.01.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 01/05/2004; 03/30/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
335	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-204/208 (Hardware P/N NS-204 and NS-208 Version 0110(0), Software ScreenOS 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-204/208 are purpose-built network security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
334	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-500 (Hardware P/N NS-500 Version 4110(0), Software ScreenOS 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #12); Triple-DES (Certs. #49 and #50); DSA/SHA-1 (Cert. #75); SHA-1 (Cert. #47); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #47, vendor affirmed) -Other algorithms: DES (Certs. #114 and #115); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
333	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher PMC 1600 PCI (Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160 Multi-chip embedded "The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI is a FIPS 140-2 level 3 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
332	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher PMC 1600 PCI (Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160 Multi-chip embedded "The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI may be initialized as a FIPS 140-2 level 2 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
331	Motorola, Inc. 8220 E Roosevelt St. Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Key Management Facility Crypto Card (KMF CC) (Hardware P/N T6722A Version CLN7612B, Firmware Version R01.08) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/27/2003; 03/30/2004	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
330	Lipman Electronic Engineering Ltd. 11 Haamal Street Park Afek, Rosh Haayin 48092 Israel -David S. Kaplan TEL: 972-3-902-9730 FAX: 972-3-902-9731	NURIT 202 PIN Pad (Hardware P/N NURIT 0202-XXX-M21-YYY [XXX: Country Code, YYY: Color Code]*, Firmware Version M02.25) (Refer to the cryptographic module’s security policy for the details on the letters) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/27/2003; 04/30/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #123); Triple-DES MAC (Cert. #123, vendor affirmed) -Other algorithms: DES (Cert. #177); DES MAC (Cert. #177, vendor affirmed) Multi-chip standalone "The NURIT 202 is an advanced, easy-to- use handheld PIN Pad allowing for protected debit/credit transactions. The NURT 202 can be interconnected with any NURIT point-of-sale (POS) terminal, or terminals of other manufacturers."
329	CyberGuard Corporation 2000 W. Commercial Blvd Suite 200 Ft. Lauderdale, FL 33309 USA -Soheila Amiri TEL: 954-958-3900	CyberGuard Cryptographic Module (Version: 5.0P1f) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/27/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #102); SHA-1 (Cert. #109); AES (Cert. #6); DSA (Cert. #69); HMAC-SHA-1 (Cert. #109, vendor affirmed) -Other algorithms: DES (Cert. #161); Diffie-Hellman (key agreement); Twofish; Blowfish; CAST-128; MD5; Tiger192; RIPEMD-160; HMAC-MD5 Multi-chip standalone "The CyberGuard Firewall/VPN is a packet-filtering and application proxy gateway, which allows or blocks the routing of specific network services between networks based on a set of administrator-defined rules."
328	Bodacion Technologies 18-3 E Dundee Rd Suite 300 Barrington, IL 60010 USA -Eric Uner TEL: 847-842-9008	HYDRA Server Cryptographic Module (Hardware Version: 1.4, Firmware Version: 1.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/27/2003	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #126); SHA-1 (Cert. #110) -Other algorithms: RSA (non-compliant); AES (non-compliant); RC4; MD5 Multi-chip standalone "HYDRA is an internet server built without an operating system from the ground up to be totally secure. It contains everything you need to run a high-performance, secure Web site including HTTP, HTTPS, and FTP servers, Web-based administration, and Java/JSP capabilities."
327	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets (Hardware P/N SLE66CX320P, Firmware Version Softmask 7 V2, Hardmask 2 V2; Applets: Gina Applet Version 1.1, Smart Login Applet Version 1.1, PKI Applet Version1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 09/21/2004; 05/25/2006	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #65); Triple-DES MAC (Cert. #65, vendor affirmed); SHA-1 (Cert. #57); RSA (PKCS#1, vendor affirmed) -Other algorithms: N/A Single-chip "The Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets is a single chip implementation of a Java Card 2.1.1 compliant smart card module. It is also compliant with OP 2.0.1, thus establishing a well defined security infrastructure through applet instantiation, key management and security policy configuration which can be performed using FIPS 140-2 compliant mechanisms."
326	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-5200 (Hardware P/N NS-5200 Version 3010(0), Firmware Version 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 08/29/2003	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA/SHA-1 (Cert. #76); SHA-1 (Certs. #103 and #119); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1(Certs. #103 and #119, vendor affirmed) -Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-5200 is a purpose-built internet security appliance that provides advanced firewall and IPSec VPN functionality, optimized for the most demanding environments such as large enterprise offices, carrier infrastructures, or service providers. The NetScreen-5200 is capable of 2 Gbps 3DES VPN throughput."
325	NetScreen Technologies, Inc. 805 11th Avenue Building 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-5XT (Hardware P/N NS-5XT Version 3010(0), Firmware Version 4.0.0r7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/17/2003; 08/29/2003	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The NetScreen-5XT is a purpose-built internet network security appliance that delivers firewall, VPN, and traffic management optimized for remote offices, home offices, and telecommuters."
324	IP Dynamics, Inc. 2880 Stevens Creek Boulevard San Jose, CA 95128 USA -Zulfikar Ramzan TEL: 408-961-6349 FAX: 408-961-6390	VCN Member Agent Cryptographic Module (Software Version 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Window 2000 professional, Service Pack 2 Operation System (single-user mode) -FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed); Triple-DES (Cert. #141) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
323	IP Dynamics, Inc. 2880 Stevens Creek Boulevard San Jose, CA 95128 USA -Zulfikar Ramzan TEL: 408-961-6349 FAX: 408-961-6390	VCN Manager Cryptographic Module (Software Version 4.2) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003; 06/27/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 2 with Solaris Version 8 FCS with AdminSuite Version 3.0.1 FCS with patches 108875 and 108879-02 for SPARC platforms, Sun Ultra 10 with UltraSPARC IIi 333MHz, JDK 1.4.0 -FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
322	Palm Solutions Group 400 N. McCarthy Blvd Milpitas, CA 95035 USA -Rebecca Taylor TEL: 408-503-7500 FAX: 408-503-2750	Crypto Manager (Software Version 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	06/06/2003	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Palm OS 4.1 -FIPS-approved algorithms: AES (Cert. #19); SHA-1 (Cert. #115); HMAC-SHA-1 (Cert. #115, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Crypto Manager Version 2.0 provides cryptographic services to applications on the Palm platform. Using the Crypto Manager API (Application Programming Interface), application developers can access strong cryptographic services without having expertise in cryptography. Crypto manager is designed to be used on any devices running Palm OS 3.0 or higher. It features strong encryption via AES, HMAC SHA-1 message authentication and SHA-1 digests Crypto Manager is built to comply with FIPS 140-2 Level 1."
321	IBM® Corporation CC1A/502/K301 4205 S. Miami Blvd. Durham, NC 27703 USA -Keith Medlin TEL: 919-543-2014 FAX: 919-486-0675	IBM® Everyplace™ Wireless Gateway Cryptographic Module (Version 1.6) Validated to FIPS 140-2 Security Policy Certificate	Software	05/29/2003	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 EAL4 (Solaris SunBlade 1000); AIX 5L Version 5.2 EAL4+ (IBM pSeries 660 Model 6H1) -FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74) -Other algorithms: DES (Cert. #191) Multi-chip standalone "The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, security-enhanced data access by both Wireless Application Protocol (WAP) clients and non- WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks. The cryptographic module was tested on a AIX Version 5.2 platform."
320	IBM® Corporation CC1A/502/K301 4205 S. Miami Blvd. Durham, NC 27703 USA -Keith Medlin TEL: 919-543-2014 FAX: 919-486-0675	IBM® Everyplace™ Wireless Gateway Cryptographic Module (Version 1.6) Validated to FIPS 140-2 Security Policy Certificate	Software	05/29/2003	Overall Level: 1  -Roles, Services, and Authentication: Level 2; -EMI/EMC: Level 3; -Design Assurance: Level 2; -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP2; Microsoft Pocket PC 2002 -FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74) -Other algorithms: DES (Cert. #191) Multi-chip standalone "The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, securityenhanced data access by both Wireless Application Protocol (WAP) clients and non-WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks."
319	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-574-0100 FAX: 510-574-0101	Cyberflex Access 64K v1 with ActivCard applet suite (P/N M512LACC1, FW HardMask 5 v1 & SoftMask 2 v1 and 4 v1, Applet versions: ID Applet 1.0.0.23, 1.0.0.24 and 1.14.0.19, PKI Applet 1.0.0.26, 1.0.0.30 and 1.14.0.21, GC Applet 1.0.0.26 and 1.0.0.28) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 10/03/2003; 12/03/2003; 08/03/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3; -Physical Security: Level 3; -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC Single-chip "Cyberflex Access 64K v1 with ActivCard applet suite, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1."
318	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881	Cyberflex Access 64K (Hardware: M512LACC1, Firmware: HardMask 5v1, SoftMask 2v1, 4v1, and 4v2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 07/03/2003; 07/15/2003; 06/25/2004; 09/21/2004; 06/06/2005; 05/25/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #179); DES MAC Single-chip "The Cyberflex Access 64K can be employed in solutio ns which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K supports on-card Triple DES and 1024-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
317	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	Astro Subscriber Encryption Module (HW PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67, FW v03.55, and v03.56) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/29/2003; 06/11/2003; 03/30/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
316	Certicom Corp. Certicom Corporate Headquarters 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Certicom Eastern US Sales Office TEL: 571-203-0700 FAX: 571-203-9653	Security Builder® Government Solutions Edition (SBGSE) (Version 1.0.1) (When operated in FIPS mode - for Windows and WinCE) Validated to FIPS 140-2 Security Policy Certificate	Software	05/13/2003; 06/30/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Dell Optiplex GX1 (Windows 98); Compaq iPAQ Pocket PC (WinCE) -FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1 (Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5 Multi-chip standalone "Security Builder GSE is a standards-based cryptography toolkit that provides application developers with the sophisticated tools and flexibility needed to integrate encryption, digital signatures, and other security mechanisms into their applications. Security Builder provides the cryptographic core for a variety of Certicom products, including movianCrypt, movianVPN, SSL Plus, Trustpoint PKI products and toolkits and certificates, and WTLS Plus. Security Builder is also licensed to third party companies."
315	Motorola, Inc. 1301 E. Algonquin Rd. Schaumburg, IL 60196 USA -Phil Gemmato TEL: 847-576-4707 FAX: 847-538-2770	Motorola Gold Elite Gateway Secure Card (MGEG SC) (HW Versions CLN7637b and CLN7637c, FW Versions R01.00.00, R01.03.07 and R01.04.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/13/2003; 11/26/2003; 12/03/2003; 12/24/2003; 04/13/2004; 07/27/2004	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); SHA-1; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
314	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	Model 330J with JCCOS Applet (Firmware Version: 2.0, Hardware Version: P8WE5033AEV/024A181) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/24/2003; 02/22/2005	Overall Level: 2  -Physical Security: Level 3; -EMI/EMC: Level 3; -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #144); SHA-1 (Cert. #130); RSA (singnature generation/verification PKCS#1 v1.5, vendor affirmed) -Other algorithms: DES (Cert. #193); RSA (decryption) Single-chip "The Model 330J is SAFENET'S multi-application smart card, designed to the JavaCard v2.1.1 and Global Platform v2.0.1 specifications. The Model 330J smart card features SAFENET'S JCCOS operating system applet (Javabased Cryptographic Card Operating System). JCCOS is an advanced cryptographic applet that, when loaded onto a multi-application JavaCard, enables FIPS 140-2 Level 2 validation."
313	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2501	Entrust Authority Security Toolkit for Java (Software Version 6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/28/2003	Overall Level: 1  -EMI/EMC: Level 3; -Operational Environment: Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3 -FIPS-approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption) Multi-chip standalone "Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
312	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions 3.3 and 3.3.1) Validated to FIPS 140-2 Security Policy Certificate	Firmware	03/28/2003; 04/25/2003; 05/02/2003; 04/29/2004; 08/24/2005	Overall Level: 1  -Tested: BlackBerry 5810 with the RIM Proprietary OS, Version 3.3.0 -FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Multi-chip standalone "BlackBerryTM is the leading wireless enterprise solution that allows users to stay onnected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerryTM is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerryTM Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerryTM."
311	TLC-Chamonix, LLC 120 Village Square Suite 11 Orinda, CA 94563 USA -Phil Smith TEL: 877-479-4500 FAX: 877-639-3470	Cranite Wireless Access Controller (Software Versions 2.0, 3.0, 3.0.5e and 3.0.5f) Validated to FIPS 140-2 Security Policy Certificate	Software	03/20/2003; 07/10/2003; 03/29/2004; 02/03/2005; 02/21/2006; 02/24/2006; 03/10/2006; 05/20/2008	Overall Level: 1  -EMI/EMC: Level 3; -Cryptographic Key Managements: Level 3; -Operational Environment: Tested as meeting Level 1 with RedHat Linux 7.0 -FIPS-approved algorithms: Triple-DES (Cert. #130); AES (Cert. #24); SHA-1 (Cert. #113); HMAC-SHA-1 (Cert. #113, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: MD5; RSA (key exchange) Multi-chip standalone "The Cranite Wireless® Access Controller is a cryptographic software system for wireless LANs that enforces network access rights, encrypts / decrypts authorized traffic, and provides seamless, secure mobility services to users as they mo ve across subnets. The Cranite Wireless Access Controller software installs onto a standard, enterprise-class hardware platform."
310	Standard Networks, Inc. 344 South Yellowstone Drive Madison, WI 53705 USA -Reid MacGuidwin TEL: 608-227-6100	MOVEit Crypto (Versions 1.0.1.0 and 1.1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/11/2003; 03/20/2003; 01/30/2004	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and RedHat Linux 9.0 (single user mode) -FIPS-approved algorithms: AES (Cert. #30); SHA-1 (Cert. #124); HMAC-SHA-1 (Cert. #124, vendor affirmed) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "MOVEit Crypto is a 32-bit compact dynamically linked library (DLL) that provides fast encryption services to applications running on Microsoft Windows operating systems. MOVEit Crypto is supported on Windows 95/98/ME/NT 4.0/2000/XP. MOVEit Crypto provides an API featuring NIST-approved AES encryption, SHA-1 hashing, and pseudo-random number generation algorithms. The easy-to-use programming interface allows applications to be written without special code for details like block size, padding mode, and so on. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
309	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-C ME Toolkit Module (Version 1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/07/2003; 10/01/2004; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode) -FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed) -Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption) Multi-chip standalone "The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
308	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Security Kernel Version 7.0 (Version 7.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	03/07/2003	Overall Level: 2  -Roles and Services: Level 2*; -EMI/EMC:Level 3; -Key Management: Level 2*; -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C3-2-rated on a Compaq ProLiant 7000 Server; *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #6); AES (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); DSA/SHA-1 (Cert. #10); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RIPEMD-160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (vendor affirmed, non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
307	Symbol (Columbitech) 641 Alpha Drive Pittsburgh, PA 15238 USA -Bill Forrest TEL: 412-968-2200 FAX: 412-968-2269	WTLS Cryptographic Module (Software Versions 1.2, 1.3.1 and 1.3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/07/2003; 03/14/2003; 03/20/2003; 05/23/2003; 03/30/2004; 03/11/2005; 09/12/2006	Overall Level: 1  -EMI/EMC: Level 3; -Design Assurance: Level 2; -Self Tests: Level 4; -Operating Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT4.0 and Windows CE3.0 -FIPS-approved algorithms: Triple-DES (Cert. #134); AES (Cert. #25); SHA-1 (Cert. #120); HMAC-SHA-1 (Cert. #120, vendor affirmed); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #185); RSA (encrypt/decrypt); SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5 Multi-chip standalone "Symbol Technologies Inc is using the WTLS Cryptographic Module in the AirBEAM® Safe product, a software only VPN solution built on standards, installable today, without any proprietary adjustments, and extendable for any future needs and technologies. In summary, AirBEAM® Safe benefits include strong security framework, using an advanced architecture with PKI support, true end-to-end security, authentication outside the firewall; optimized wireless performance using advanced data compression; convenience of always-on connectivity and seamless roaming between different public networks, LAN/WLAN/GPRS. Supported clients; PPC 2002, Windows 2000/XP Supported servers: Windows 2000/NT 4.0"
306	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 1000 (Software Version 6.0.554, Hardware Version 1000, Part #300533882) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96) -Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
305	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 1000 with Encryption Accelerator Card (Software Version 6.0.554, Hardware Version 1000, Part #300533890) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96) -Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
304	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 201 (Software Version 6.0.554, Hardware Version 201, Part #300546884) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96) -Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
303	Lucent Technologies, Inc. 101 Crawfords Corner Road Room 4D-218 Holmdel, NJ 07733 USA -Steve Reustle TEL: 732-332-6281 FAX: 732-949-1373	Brick 201 with Encryption Accelerator Card (Software Version 6.0.554, Hardware Version 201, Part #300546892) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/07/2003	Overall Level: 2  -Roles and Services: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96) -Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
302	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI and nForce 400 SCSI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022W-150 and nC3022W-400, Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Cryptographic Module Ports and Interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level Conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
301	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022P-150 and nC3022P-300, Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Physical Security: Level 3; -Cryptographic Module Ports and Interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level Conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
300	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign SCSI and nShield F3 Ultrasign 32 SCSI and payShield (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032W-150, nC4032W-400 and nC4132W-400, Build Standard DP) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
299	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI, nShield F2 Ultrasign SCSI and nShield F2 Ultrasign 32 SCSI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022W-150, nC4022W-400 and nC4122W-400, Build Standard DR) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -EMI/EMC: Level 3; -Cryptographic Module Ports and Interfaces :Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
298	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI, nShield F2 Ultrasign PCI and nShield F2 Ultrasign 32 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022P-150, nC4022P-300 and nC4122P-300, Build Standard ER) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 2 or 3*; -Physical Security: Level 3; -Cryptographic Module Ports and interfaces: Level 2 or 3*; -Cryptographic Key Management: Level 2 or 3*; *Level conditional on configuration as per Security Policy -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
297	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI, nShield F3 Ultrasign PCI and nShield F3 Ultrasign 32 PCI (Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032P-150, nC4032P-300 and nC4132P-300, Build Standard ER) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 05/09/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160 Multi-chip embedded "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
296	Atalla Security Products of Hewlett Packard Corporation 10555 Ridge View Court Cupertino, CA USA -Denise Santos TEL: 800-523-9981 FAX: 408-285-2221	Atalla Cryptographic Engine (ACE) (ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 03/18/2003	Overall Level: 3  -Physical Security: Level 3 +EFP; -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Cert. #128, vendor affirmed) -Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption) Multi-chip embedded "The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products."
295	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI and nCipher 1600 PCI (Firmware Versions 2.0.1-2 and 2.0.5-2, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 01/23/2004	Overall Level: 2  -Roles, Services, and Authentication: Level 3; -Physical Security: Level 3; -EMI/EMC: Level 3; -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
294	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI and nCipher 1600 PCI (Firmware Versions 2.0.1-3 and 2.0.5-3, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/07/2003; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160 Multi-chip embedded "The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
293	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 32K (Version 4.2.5.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 2  -Roles and Services: Level 3; -EMI/EMC: Level 3; -Key Management: Level 3; -Module Interfaces: Level 3; -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #153); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
292	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 32K HD (Version 4.2.5.4.HD) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert.#153); Triple-DES MAC; Triple-SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
291	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 16K (Version 4.1.5.4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 2  -Roles and Services: Level 3; -EMI/EMC: Level 3; -Key Management: Level 3; -Module Interfaces: Level 3; -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
290	Aladdin Knowledge Systems, Ltd. 15 Beit Oved Street Tel Aviv, 61110 Israel -Leedor Agam TEL: +972 3636 2222 FAX: +972 3537 5796	eToken PRO 16K HD (Version 4.1.5.4.HD) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/13/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1) Multi-chip standalone "The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
289	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J Toolkit Module (Version 3.3.4.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	02/04/2003; 10/01/2004; 12/14/2004; 12/16/2004; 01/04/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT SP 6 (single user mode), JVM v1.3.1, JRE v1.3.1 -FIPS-approved algorithms: Triple-DES (Cert. #112); AES (Cert. #45); SHA-1 (Cert. #97); DSA (Cert. #63); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #168); DESX; RC2; RC4; RC5; MD2; MD5; HMAC-SHA-1 (Cert #97); Diffie-Hellman (key agreement); Base64 Multi-chip standalone "The Crypto-J Module is a Java-language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java ARchive, or JAR, file."
288	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Ann Smith TEL: 703-248-6931 FAX: 703-248-6932	ValiCert Security Module (SW Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	02/04/2003; 06/10/2004	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 Server, SUN Solaris 2.8 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #83); SHA-1 (Cert. #72); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #72, vendor affirmed) -Other algorithms: DES (Cert. #144); MD2; MD5; RC2; RC4; RSA encryption (key distribution) Multi-chip standalone "The ValiCert VA Toolkit 4.3 is built on our FIPS 140-1 cryptographic module. The 4.3 toolkit release has several new APIs and features. The library is also used within ValiCert Desktop Validator, Server Validators, Enterprise Validation Server, Document Authority, and Secure Transport Products. New features in VA Toolkit 4.3 include New APIs for fetching CRLs; Extended APIs for Certificate-Store ; Extended support for CRLs ; JITC compliance features ; TLS ; SSL Tunneling via Proxy Servers. The 4.3 release and prior releases support OCSP, SCVP, CRL, CRLdp protocols over HTTP, and HTTPS. The VA Toolkit 4.3 supports Windows 98/ NT/2000, Solaris 5.6/5.7/5.8, HP UX 11.0, and AIX 4.3. The Toolkit works along with FIPS 140-1 Level 3 and Level 4 validated hardware devices: e.g. nCipher, Baltimore, and Chrysalis-ITS hardware signing / encryption modules. The toolkit is also tested for interoperability with various PKI vendors: AOL/Netscape, Sun/Iplanet, Entrust, Baltimore, Verisign, Computer Associates and RSA Security products."
287	Mykotronx, Inc. 357 Van Ness Way Suite 200 Torrance, CA 90501 USA -B. Yamamoto TEL: 310-533-8100	82A FORTEZZA Crypto Card (HW PN 650000-3 Version 6, FW Version 3) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	02/04/2003	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Certs. #7 and #10) -Other algorithms: KEA Multi-chip standalone "The Mykotronx 82A FORTEZZA Crypto Card provides cryptographic security and authentication methods in a PC Card hardware token for government and commercial applications. Self- contained, standardized, and easily integrated, the 82A FORTEZZA Crypto Card enables portable security, with onboard storage of user credentials, keys, and digital certificates."
286	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Software Version 2.4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	01/17/2003; 01/22/2003; 01/31/2006	Overall Level: 2  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 2 with Sun SPARC Ultra-10 running Sun Solaris 8 Operating System (EAL 4 configuration) -FIPS-approved algorithms: Triple-DES (Cert. #120); AES (Cert. #13); DSA (Cert. #66); SHA-1 (Cert. #104); RSA (signature generation/verification: ANSI X9.31, vendor affirmed); HMAC-SHA-1 (Cert. #104, vendor affirmed) -Other algorithms: DES (Cert. #175); Diffie-Hellman (key agreement); RSA (encryption/decryption, PKCS#1); RSA (key-distribution); MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; Password Based Encryption (PKCS#12); UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword (Novell) Multi-chip standalone "Novell International Cryptographic Infrastructure (NICI) for Solaris is a cryptographic module providing keys, algorithms, various key storage and usage mechanisms, and a large-scale key management system. Supported Novell services utilizing NICI includes eDirectory, Novell Modular Authentication Service (NMAS), Public Key Infrastructure Services, Novell SecretStore, and TLS/SSL."
285	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Greg Farmer TEL: 434-455-6600 FAX: 434-455-6851	Jaguar 700P/Pi (HW P/Ns [HA8ESE, HA8ETE, HA8MSE, HA8MTE, HA8SSE, HA8STE, HA8TSE and HA8TTE], FW Version i6r06a01.dsp) Revoked DES Transition Ended Security Policy Certificate	Hardware	01/17/2003; 02/12/2003	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #141) Multi-chip standalone "Portable, 64-bit Encryption, EDACS JAGUAR 700P, 800MHZ, 128 SYSTEMS/GROUPS, DATA ENABLED EDACS radio. System and Scan version, with Intrinsically Safe (IS), and Immersion options."
284	NetScreen Technologies, Inc. 805 11th Avenue Bldg. 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-204 and NetScreen-208 (Hardware PN's NS-204 and NS-208, Version 0110(0), Software ScreenOS 3.1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	01/17/2003; 02/21/2003; 06/03/2003	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #49 and #118); SHA-1 (Certs. #44 and #103); DSA (Cert. #44); AES (Certs. #11 and #12); HMAC-SHA-1 (Cert. #44, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #114 and #174); RC2; RC4; MD5; RSA (Encryption and Decryption); Diffie-Hellman (key agreement) Multi-chip standalone "NetScreen-204 and NetScreen-208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
283	Simple Access Inc. 7755 Boul. Henri Bourassa Ouest Saint-Laurent, Québec H4S 1P7 Canada -Gatéan Haché TEL: 514-335-7676 FAX: 514-335-2099	SSL-100 SDK Accelerator (Hardware Revision 2.0.1.4a, Firmware Version 1.1B) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/17/2003	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #122); DSA (Cert. #67); SHA-1 (Cert. #106); RSA (PKCS#1, vendor affirmed) -Other algorithms: MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The Simple Access SSL-100 SDK is a high performance drop-in accelerator card that processes up to 4000 1024-bit RSA keys/second. A single SSL-100 SDK will allow a Web server to achieve sustained throughput of up to 1600 new SSL connections per second using 1024-bit operands. The SSL-100 SDK offloads SSL processing and the huge cryptographic computations from the server, freeing the CPU to respond immediately to transactions. This solution eliminates dropped connections, failed transactions and slow response times thereby maintaining user loyalty to transactional Web sites."
282	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	ASTRO Subscriber Universal Crypto Module (HW P/Ns NTN9801B, NTN9738C, NNTN5032D, NNTN5032G, 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11 and 0104025J12; FW R05.00.13, R05.02.00, R05.02.02, R05.03.00, R05.04.01 and R05.05.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/20/2002; 05/30/2003; 06/11/2003; 11/26/2003; 12/24/2003; 03/30/2004; 07/27/2004; 01/13/2006; 12/19/2006	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES MAC; SHA-1; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed) Multi-chip embedded "Encryption modules used in Motorola ASTRO(TM) family of radios provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
281	V-ONE Corporation, Inc. 20250 Century Blvd. Suite 300 Germantown, MD 20874 USA -Chris Brook TEL: 301-515-5242 FAX: 301-515-5280	SmartGate® (Version 4.3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	12/23/2002; 01/09/2003; 06/18/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -Operating System Security: Tested as meeting Level 1 with Red Hat Pro Linux 7.2 and Sun Solaris 8 (Single User Mode) -FIPS-approved algorithms: Triple-DES (Cert. #46); SHA-1 (Cert. #10); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #159); DES MAC (Cert. #159); MD5; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "V-ONE Corporations SmartGate is leading client/server Virtual Private Network (VPN) software that provides enterprise-level security to network-based users for private information and private TCP/IP application services. SmartGate provides encryption, strong user authentication, authorization, management, accounting, key distribution, and proxy capabilities. It consists of server (SmartGate) and client (SmartPass) software."
280	Tricipher, Inc. 1900 Alameda de las Pulgas Suite 112 San Mateo, CA 94403 USA -Tim Renshaw TEL: 650-372-1300	Secure Identity Appliance (Hardware: Dell 2550 Server, Software version 2.5.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2002; 02/22/2005	Overall Level: 2  -Roles and Services: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #101); SHA-1 (Cert. #90); RSA (PKCS #1, vendor affirmed) -Other algorithms: HMAC-SHA-1 (Cert #90, vendor affirmed); MD5; RSA (encryption) Multi-chip standalone "The SingleSignOn.Net Secure Identity Appliance is a Public Key Infrastructure (PKI) and password authentication solution. It allows for the easy deployment of PKI scalable to large numbers of users and provides an ID/Password system that uses the underlying PKI to provide security and robustness. The Secure Identity Appliance is able to perform public key-based cryptography, including digital signatures and encryption."
279	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client) (Software Version 4.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	11/26/2002; 08/18/2006; 08/29/2006; 04/30/2007; 06/23/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95 SR2 (single user mode) -FIPS-approved algorithms: AES (Cert. #21); DSA (Cert. #53); SHA-1 (Cert. #71) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "McAfee Endpoint Encryption for PCs Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
278	Entrust CygnaCom 7925 Jones Branch Drive Suite 5200 McLean, VA 22102 USA -Gary Moore TEL: 703-270-3572 FAX: 703-848-0960	Entrust CygnaCom IPSec Cryptographic Module (Version 1.0) Validated to FIPS 140-1 Security Policy Certificate	Software	11/07/2002; 08/23/2004	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with SCO CMW+ V3.0.1 Operating System (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #91); SHA-1 (Cert. #79); HMAC-SHA-1 (Cert. #79, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Entrust CygnaCom IPSec Cryptographic Module is a software cryptographic module intended to provide secure IPSEC communications between client workstations/laptops and servers. The communications are secured by the use of Triple DES (TDES) running in the Triple Cipher Block Chaining (TCBC) mode of operation to encrypt and the data portion of TCP/IP packets using either the IPSEC ESP-tunneled mode or ESP-transport mode. HMAC SHA-1 is used to authenticate IPSEC message headers and protocol data units."
277	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Stefan Backstom TEL: 434-455-6600 FAX: 434-455-6851	Enhanced Digital Access Communications System (EDACS) Orion System/Scan (AEGIS) Mobile Two-Way FM Radios VHF-L range: 136-153 MHz VHF-M range: 150-174 MHz UHF-L range: 403-440 MHz UHF-M range: 440-470 MHz UHF-H range: 470-512 MHz 800 range: 806-870 MHz (Hardware Versions: (VHF-L [D2GHTXE(110W) D2GMTXE(50W)], VHF-M [D2HHTXE(110W) D2HMTXE(50W)], UHF-L [D2PHTXE(100W) D2PMTXE(40W)], UHF-M [D2UHTXE(110W) D2UMTXE(40W)], UHF-H [D2VHTXE(80W) D2VMTXE(35W)] and 800 [D28MTXE(35W) D28LTXE(12W)]), Software Version: R42A) Revoked DES Transition Ended Security Policy Certificate	Hardware	11/07/2002; 01/16/2003; 03/07/2003; 03/13/2003	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES ( 04/22/94) Multi-chip standalone "The EDACS Orion Mobile with FIPS 140-1 security level 1 validation. Aegis digital voice, conventional and trunked; system and scan front mounting."
276	Securit-e-Doc, Inc. 515 North Flagler Drive Suite 203 West Palm Beach, FL 33401 USA -Robert Barron TEL: 561-833-2303	Securit-e-Doc® SITT CryptoSystem (Version 3.0) Validated to FIPS 140-1 Security Policy Certificate	Software	10/31/2002; 06/10/2004	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows 2000 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #114); SHA-1 (Cert. #99); AES (Cert. #7); Skipjack (Cert. #8) -Other algorithms: N/A Multi-chip standalone "Securit-e-Doc(R) provides secure server-based transmission and storage of files and messages using interactive, Web-enabled interfaces. All components of the Securit-e-Doc system derive their security services from the underlying SITT(R) CryptoSystem. SITT(R), implemented within the Securit-e-Doc application software, provides real-time cryptographic services for symmetric encryption and decryption, random number generation and message digesting."
275	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-J Toolkit Module (Version 3.3.3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	10/31/2002; 10/01/2004; 01/04/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT SP6 (single user mode), JVM v1.3.1, JRE v1.3.1 -FIPS-approved algorithms: Triple-DES (Cert. #112); DSA (Cert. #63); SHA-1 (Cert. #97); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #168); AES; DESX; RC2; RC4; RC5; RC6; MD2; MD5; HMAC-SHA-1; Diffie-Hellman (key agreement); Base64 Multi-chip standalone "The Crypto-J Module is a Java- language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java Archive, or JAR, file."
274	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet ATM Encryptor (Hardware Versions 4.5, ATM Encryptor Models: 450-016-003/004/005/006/007/008/009, Firmware Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/24/2002; 04/16/2003; 10/19/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
273	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet ATM Encryptor (Hardware Versions 4.0, ATM Encryptor Models: 460-006-001/002/003/004/005/006/007/008/009, Firmware Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/24/2002; 04/16/2003; 10/19/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
272	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet ATM Encryptor (Hardware Versions 3.5 and 3.6, ATM Encryptor Models: 450-004-001/002/003/004/005/006/007 and 450-013-003/004/005/006/007/008/009, Firmware Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/24/2002; 04/16/2003; 10/19/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
271	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet ATM Encryptor (Hardware Versions 3.0 and 3.1, ATM Encryptor Models: 450-002-001/002/003/004/005/006/007 and 450-003-001/002/003/004/005/006/007/008/009, Firmware Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/24/2002; 04/16/2003; 10/19/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
270	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® DSM (Hardware Versions 1 and 2, Firmware Version 3.98) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/18/2002; 10/18/2004	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1(Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST 3; CAST 5; CAST MAC; CAST 3 MAC; CAST 5 MAC; HMAC-SHA-1; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption and Decryption) Multi-chip standalone "The Chrysalis-ITS™ Luna® DSM Digital Signature Module is a hardware-based, multiple-chip standalone module in the form of a PC card “token” based on the PCMCIA standard. The LUNA DSM token is a hardware crypto engine for digital signing, identification and authentication and is used in applications that require FIPS Level II key generation, protection and storage for limited numbers of digital keys."
269	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 571-434-2001	DiamondVPN™ (Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2020, P/N DV100-F) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	10/18/2002; 02/25/2003; 10/02/2003; 04/08/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63) -Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "DiamondVPN™ is a rack- mounted network security appliance that can be installed at a LAN edge for a work group or department operating on your enterprise network to enforce a single security profile for traffic outbound from the LAN and access to the LAN from the outside. Unlike traditional VPNs, DiamondVPN™ also offers secure pass-through to networks in which DiamondLink™ protects some users."
268	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 571-434-2001	DiamondPak™ and DiamondVPN-6™ (Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2020, P/N's DP600-F and DV600-F) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	10/18/2002; 02/25/2003; 07/31/2003; 10/02/2003; 04/08/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63) -Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "DiamondPak" is a rack- mounted network appliance for protecting multiple servers with each server protected by a dedicated self-protecting DiamondTEK" security computer enforcing a single security profile. DiamondPak"'s advanced access-control system for protecting critical backend systems is available in configurations to protect 2, 4, or 6 systems. DiamondVPN-6 is a network security appliance for protecting a group of servers or users within an organization with each group protected by a dedicated self-protecting DiamondTEK security computer enforcing a single security profile. DiamondVPN s advanced access control system for protecting critical backend groups is available in a configuration to protect 6 individual groups."
267	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 571-434-2001	DiamondLink™ (Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2000 and 2010 (fiber), P/N's DL 100-F and DL 100F-F) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	10/18/2002; 02/25/2003; 10/02/2003; 04/08/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63) -Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "DiamondLink™ is an external, drop- in network appliance for individual users that features a built- in security computer and authentication card reader in a single device. With its plug-and-play flexibility, DiamondLink™ can be easily extended to other network devices such as printers, fax machines, and networked manufacturing devices."
266	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure Pocket PC Cryptographic Library (Compact Version) (Version 1.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/18/2002	Overall Level: 1  -EMI/EMC: Level 3 -Self Tests: Level 3 -Operating Environment: Tested as meeting Level 1 with Windows CE 3.0 -FIPS-approved algorithms: AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed) -Other algorithms: Multi-chip standalone "The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
265	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure Pocket PC Cryptographic Library (Full Version) (Version 1.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/18/2002; 07/31/2003	Overall Level: 1  -EMI/EMC: Level 3 -Self Tests: Level 3 -Operating Environment: Tested as meeting Level 1 with Windows CE 3.0 -FIPS-approved algorithms: Triple-DES (Cert. #106); AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed) -Other algorithms: DES (Cert. #165); Blowfish; MD5; HMAC-MD5 Multi-chip standalone "The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
264	Lucent Technologies, Inc. 1600 Osgood St. 20-3E-15 North Andover, MA 01845 USA -Lori Heseltine TEL: 978-960-6827	Access Point 600 with 10/100 Ethernet, HSSI, ATM DS3, ATM OC3/STM-1 MMF, ATM OC3/STM-1 SMF-IR, 4-Port T1/E1, ATM OC3/STM-1 SMF-LR, MSSI, Frame-Based DS3, ISDN S/T, and ISDN U (Hardware Version 4.2 with 10/100 Ethernet (AP-PMC-01/AP-SP-PMC-01), HSSI (AP-PMC-02/AP-SP-PMC-02), ATM DS3 (AP-PMC-03/AP-SP-PMC-03), ATM OC3/STM-1 MMF (AP-PMC-04/AP-SP-PMC-04), ATM OC3/STM-1 SMF-IR (AP-PMC-05/AP-SP-PMC-05), 4-Port T1/E1 (AP-PMC-06/AP-SP-PMC-06), ATM OC3/STM-1 SMF-LR (AP-PMC-07/AP-SP-PMC-07), MSSI (AP-PMC-08/AP-SP-PMC-08), Frame-Based DS3 (AP-PMC-0D/AP-SP-PMC-0D), ISDN S/T (AP-PMC-0S/AP-SP-PMC-0S), and ISDN U (AP-PMC-0U/AP-SP-PMC-0U) Firmware Version V2.6.0.R3.IPSVCS) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2002; 11/18/2002	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Access Point 600 is a next-generation, high performance IP services router optimized for service providers wishing to quickly introduce man-aged IP services at mid-size branch and regional enterprise customer premises locations. Access Point 600 is purpose-built to deliver IP services with multi-access routing, Quality of Service (QoS) with Class-Based Queuing (CBQ), secure Virtual Private Networks (VPN), firewall security, and policy management. And the service provider has the advantages of easy deployment to multi-size customer premises locations, and the implementation of flexible management facilities that can be both customer and/or service provider managed."
263	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	UniGuard-V90 (Hardware Version UG-V90, Firmware Version 7.17.01) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2002	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC -Other algorithms: DES (Cert. #140); DES MAC Multi-chip standalone "Single port Triple DES encryption modem."
262	Communication Devices, Inc. #1 Forstmann Court Clifton, NJ 07011 USA -Donald Snook TEL: 973-772-6997 FAX: 973-772-0740	UniGuard-V34 (Hardware Version UG-V34, Firmware Version 7.17.01) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2002	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC -Other algorithms: DES (Cert. #140); DES MAC Multi-chip standalone "Single port Triple DES encryption modem."
261	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3500 FAX: 203-924-3406	Compliant Meter Postal Security Device (Part number 1A00, Revisions AAA, AAB, AAC, AAD, and AAE.) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2002; 10/21/2002; 02/20/2003; 03/07/2003	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC; DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Cert. #6) -Other algorithms: DES; HMAC; RSA (PKCS#1, key exchange, vendor affirmed) Multi-chip standalone "The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
260	Motorola, Inc. 200 N. Center East Suite 400 Alpharetta, GA 30022 USA -Christopher Yasko TEL: 770-521-5150 FAX: 770-521-8067	Encryption Services Module (Version 5.3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/08/2002	Overall Level: 1  -EMI/EMC: Level 3 -Key Mangement: Level 3 -Software Security: Level 3 -Operating System Security: Tested as meeting Level 1 with Microware OS-9, Version 2.2 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #104); SHA-1 (Cert. #92) -Other algorithms: DES ECB (Cert. #163); DES MAC (DES CBC Cert. #188); RC4 Multi-chip embedded "The Encryption Services Module is incorporated into the operating platform software of the Accompli 009 -- the first wireless communications device to incorporate tri-band GSM and GPRS protocols, telephone functionality, Internet access, e- mail, Triple-DES encryption, WAP browser and short message service (SMS) with a full QWERTY keyboard and 256-color screen."
259	Motorola, Inc. 200 North Point Center East Suite 400 Alpharetta, GA 30022 USA -Alfred Adler, Ph.D. TEL: 770-521-5128 FAX: 770-521-8066	Encryption DLL Module (Version 3.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/08/2002	Overall Level: 1  -EMI/EMC: Level 3 -Key Management: Level 3 -Sofware Security: Level 3 -Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #103); SHA-1 (Cert. #93) -Other algorithms: DES ECB (Cert. #162); DES MAC (DES CBC Cert. #189); RC4 Multi-chip standalone "The Encryption DLL Module is incorporated into the Motorola Messaging Server, an enterprise system for managing data between a corporate e- mail or data base system and a wireless device, and the Motorola MyMail Desktop Plus, a personal application to manage e- mail between the desktop and a wireless device."
258	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Ken Beer TEL: 650-216-2083	Tumbleweed Secure Mail™ Security Kernel (Version 5.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/08/2002	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #70); DSA (Cert. #49); SHA-1 (Cert. #59); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #131); MD2; MD5; RC2; RC5; RSA (key exchange) Multi-chip standalone "The Tumbleweed Secure MailTM Application is a software products designed to allow organizations to apply content filtering and secure messaging policies on email. The Secure MailTM Application uses a shared set of cryptographic functionality called the Secure MailTM Security Kernel. The Secure MailTM Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of Secure MailTM."
257	ActivCard, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Eric Le Saint TEL: 510-574-0100 FAX: 510-574-0101	ActivCard Applet suite on SchlumbergerSema Cyberflex Access 32K (Hardware PN 15006436, Firmware M256EAPLP1_S1_9C_02, Softmask 7, Version 2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/30/2002	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #65); SHA-1 (Cert. #57); RSA (PKCS#1 for signaure generation, vendor affirmed) -Other algorithms: Single-chip "The ActivCard Applet suite is based on the SchlumbergerSema Cyberflex Access 32K smart card platform, which is Java Card V2.1.1 and Global Platform V2.0.1 compliant. The applet suite relies on the security offered by Global Platform services to allow secure post-issuance operations, such as applet instantiation, key management and security policy configuration. The external interface provided by the applet suite is compliant with the smart card interoperability specification defined by the GSA."
256	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N90i Secure Metering Moddule (SMM) (Hardware 3000099C_FIPS, Software SH1 3800157W, SH2 3800159Y) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/26/2002; 10/25/2002; 10/03/2006	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA/SHA (Cert. #39) -Other algorithms: Multi-chip embedded "The module provides services to an office and post room based mailing system. The systems features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
255	Altarus Corporation 607 Herndon Pkwy Suite 200 Herndon, VA 20170 USA -Ludge Olivier TEL: 703-689-2223	Altarus Cryptographic Module (Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	09/20/2002	Overall Level: 1  -EMI/EMC: Level 3 -Software Security: Level 3 -Operating System Security: Tested as meeting Level 1 with MS Windows 2000 Version 5.0 with SP2 -FIPS-approved algorithms: Triple-DES (Cert. #99); SHA-1 (Cert. #88); HMAC-SHA-1 (Cert. #88, vendor affirmed) -Other algorithms: RSA Multi-chip standalone "The Altarus offering provides a premier platform and rapid development tools for creating, extending, and deploying secure enterprise applications to the desktop, mobile devices, or handheld devices"
254	ITT ITT A/CD PO Box 3700 Ft. Wayne, IN 46801-3700 USA -Tom Jewel TEL: 260-451-6000	NEXCOM MDR/MDT Interface Security Card (MMISC) (Software Version 14.FIPS, Hardware Version 8196204-1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/20/2002	Overall Level: 1  -FIPS-approved algorithms: RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #91) -Other algorithms: Multi-chip embedded "Software hosted on a Single Board Computer that acts as a public key, RSA/SHA-1 - based authentication agent within the FAA's NEXCOM Multi-Mode Digital Radio."
253	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	HighAssurance™ 2000 Gateway (HA2000) (Firmware Versions 5.00.17 and 5.00.25, Hardware Versions: 01 and 03) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/20/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #104); DES MAC; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The HA2000 is a multi-chip standalone hardware-based, Virtual Private Network (VPN) box that provides authenticated, encrypted network communications. Secure, remote management is provided using the IPSec and SNMPv2 protocols. Custom hardware allows for speed and reliability along with high security and low cost."
252	Novell, Inc 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) (Version 2.2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	09/20/2002; 01/22/2003; 01/31/2006	Overall Level: 2  -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server -FIPS-approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (ANSI X9.31 for signature generation and verification, vendor affirmed) -Other algorithms: DES (Cert. #103); RSA (encryption/decryption); MD2; MD4; MD5; RC2; RC4; RC5; CAST-128; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "Novell International Cryptographic Infrastructure for Windows"
251	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptor-T1 (SLE-T1) and SafeEnterprise™ Link Encryptor-E1 120ohms (SLE-E1-120) (Firmware version 1.33, Hardware version: 16284-020-04) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/19/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22) -Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement) Multi-chip standalone "SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
250	Lucent Technologies, Inc. 1600 Osgood St. 20-3E-15 North Andover, MA 01845 USA -Lori Heseltine TEL: 978-960-6827	Access Point 300-ST, 300-M-ST, 300-2M-ST, 300-2T1E1-ST, 300-M-U, and 300-2T1E1-U (Hardware Versions (300-M-U and 300-2T1E1-U; v1.0) (300-ST; v1.1) (300-ST, 300-M-ST, 300-2M-ST, and 300-2T1E1-ST; v3.0) Firmware Version V2.6.2.R3.IPSVCS) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/19/2002; 11/05/2002; 03/17/2003	Overall Level: 1  -Roles and Services: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement) Multi-chip standalone "The Access Point 300 is a next-generation, high performance IP Services router optimized for service providers wishing to quickly introduce high demand managed IP services at small to medium-sized enterprise customer premises locations."
249	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	ASTRO Subscriber Encryption Module (NTN8967 and 0105956v67, Firmware Version 3.53) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/18/2002	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVI-SPFL; DVP-XL Multi-chip embedded "Encryption modules used in Motorola Astro(TM) family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air- Rekeying and dvanced key management."
248	Sun Microsystems, Inc. USCA 17-201 4170 Network Circle Santa Clara, CA 95054 USA -Stephen Borcich TEL: 408-276-3964 FAX: 408-276-4952	Network Security Services (Software Version: 3.2.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	09/04/2002	Overall Level: 2  -Operating System Security: Tested as meeting Level 2 with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1 -FIPS-approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed) -Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
247	Sun Microsystems, Inc. USCA 17-201 4170 Network Circle Santa Clara, CA 95054 USA -Stephen Borcich TEL: 408-276-3964 FAX: 408-276-4952	Network Security Services (Software Version: 3.2.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	08/30/2002; 02/04/2003	Overall Level: 1  -Roles and Services: Level 2 -Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed) -Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
246	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptor NRZ-H (SLE NRZ-H) and SafeEnterprise™ Link Encryptor NRZ-L (SLE NRZ-L) (Firmware Version: 1.33, Hardware Version: 16284-020-04) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/30/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement) Multi-chip standalone "SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
245	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptor RS-232 (SLE RS-232) and SafeEnterprise™ Link Encryptor-E1 75ohms (SLE-E1-75) (Firmware Version: 1.33, Hardware Versions: 16284-010-04 and 16284-020-04) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/30/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement) Multi-chip standalone "SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
244	3S Group Incorporated 125 Church St. NE Vienna, VA 22180 USA -Satpal S Sahni TEL: 703-281-5015 FAX: 703-281-7816	Type 2 Cryptographic Support Server (T2CSS) ([Hardware Version 1.0, Firmware Version 1.0], [Hardware Version 1.1 and Firmware Version 1.1], [Hardware Version 1.2, Firmware Version 1.2] and [Hardware Version 2.0, Firmware Version 1.2]) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/13/2002; 01/17/2003; 05/01/2007; 07/28/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Skipjack (Cert. #5); Triple-DES (Cert. #88); DSA (Cert. #55); SHA-1 (Cert. #77); RSA (PKCS#1 for signatures, vendor affirmed) -Other algorithms: DES (Cert. # 154); KEA (key exchange) Multi-chip embedded "T2CSS is a multiple cryptoprocessor PCI board and cryptographic server. Provides high assurance security services; secure session/virtual token management; scalable server performance (multiple boards); Government and commercial algorithms; FORTEZZA CI, PKCS #11, other APIs; and Windows NT/2000, Solaris and Linux support."
243	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust GUTS Security Kernel 6.1 (Version 6.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	08/15/2002; 05/27/2003	Overall Level: 2  -Roles and Services: Level 2* -EMI/EMC: Level 3 -Key Management: Level 2* -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server *When operated in FIPS mode -FIPS-approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #10, vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (non-compliant) Multi-chip standalone "The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
242	Axalto Inc. 36-38 rue de la Princesse BP 45 78431 Louveciennes, France -Francisco Alcalde TEL: +33 1 3008 4685 FAX: +33 1 3008 4527	Cryptoflex e-Gate 32K Smart Card (Hardware ST19XT34, Firmware Hardmask 01 Version 01, Softmask 05 Version 01 and Hardmask 01 Version 03 and Software 05 Version 02) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/01/2002; 08/28/2002; 09/21/2004; 05/16/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #97); SHA-1 (Cert. #80); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #158); Single-chip "The Cryptoflex e-Gate card is a credit-card sized computer with a crypto-processor dedicated to security. Cryptoflex e-Gate card implements security industry functions based on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft. The card provides maximum security and flexibility of system integration thanks to administrative functions such as secure key loading, on-card key generation and ciphering of imported/exported data. The Cryptoflex e- gate card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB)."
241	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984	Kernel Mode Cryptographic Module for Windows XP (Software Version 5.1.2600.0) (For services provided by the FIPS-approved algorithms listed on the reverse) Validated to FIPS 140-1 Security Policy Certificate	Software	08/01/2002; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed) -Other algorithms: DES (Cert. #89) Multi-chip standalone "Microsoft Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-1 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-touse cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography."
240	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984	DSS/Diffie-Hellman Enhanced Cryptographic Provider for Windows XP (Software Versions 5.1.2518.0 and 5.1.2600.2133) (For services provided by the FIPS-approved algorithms listed on the reverse) Validated to FIPS 140-1 Security Policy Certificate	Software	08/01/2002; 02/25/2005; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP and XP Service Pack 2 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29) -Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement) Multi-chip standalone
239	Nortel Networks 80 Central Street Boxboro, MA 01719 USA -Jonathan Lewis TEL: 978-264-7045 x277 FAX: 978-264-7600	Contivity Extranet Switch 600 (Firmware version #3.61.02, Hardware version #600) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/24/2002	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #29 and #53); SHA-1 (Certs. #28, #31 and #51); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Certs. #44, #48 and #101); DES MAC; MD5; HMAC (MD5 and SHA-1); 40-bit DES; RC4 (40-bit and 128-bit); Diffie-Hellman (key agreement) Multi-chip standalone "The Contivity 600 Extranet Switch provides up to 30 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides an optional PCI expansion slot and dual 10/100 LAN ports."
238	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Microsoft Enhanced Cryptographic Provider (Versions 5.1.2518.0, 5.1.2600.1029 and 5.1.2600.2161) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	07/11/2002; 11/18/2002; 02/25/2005; 10/15/2007	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP, XP Service Pack 1 and XP Service Pack 2 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed) -Other algorithms: DES (Cert. #156); RC2; RC4; MD5 Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider (RSAENH) is a FIPS 140-1 Level 1 compliant, general-purpose, software-based, cryptographic module. Like other cryptographic providers that ship with Microsoft Windows XP, RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-1 Level 1 compliant cryptography."
237	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548	F-Secure Kernel Mode Cryptographic Driver (Version 1.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	07/15/2002; 07/31/2003; 02/09/2007	Overall Level: 1  -Self Tests: Level 3 -Operating Environment : Tested as meeting Level 1 with Windows 2000 (SP2), Windows NT 4.0 (SP6) and Windows XP -FIPS-approved algorithms: Triple-DES (Cert. #106); AES (Cert. #3); SHA-1 (Cert. #84); HMAC-SHA-1 (Cert. #84, vendor affirmed) -Other algorithms: DES (Cert. #165); Blowfish; CAST-128; MD5; HMAC-MD5 Multi-chip standalone "The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows NT/2000/XP compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
236	Motorola, Inc. 8220 East Roosevelt Street Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Digital Interface Unit Crypto Module (Firmware R01.09.00 / 81, Hardware T6721B) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/11/2002	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA Multi-chip embedded "The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
235	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: +44 1442 458617	Advanced Configurable Crypto Environment (ACCE) (Firmware Versions 2.2 and 2.3, Hardware 2640-G3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/11/2002; 07/22/2002; 10/04/2002; 06/05/2003; 04/21/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC: SHA-1 (Cert. #38); DSA (Cert. #36); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES MAC; MD5; Diffie-Hellman (key agreement); RSA (encryption and decryption); RSA (ISO 9796 and X509) Multi-chip embedded "The AEP Networks Advanced Configurable Crypto Environment (ACCE) provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
234	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 Gateway NG FP 1 (NG FP1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/19/2002; 06/28/2002; 02/09/2004; 05/19/2004; 11/17/2005; 01/06/2006; 05/02/2008	Overall Level: 2  -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT4.0 with SP6a; TCSEC C2-rated on a Compaq ProLiant 7000 Server -FIPS-approved algorithms: Triple-DES (Cert. #80); SHA-1 (Cert. #69); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #69, vendor affirmed) -Other algorithms: DES (Cert. #142); Diffie-Hellman (key agreement); AES; CAST; MD5; HMAC-MD5; FWZ; FWZ1 Multi-chip standalone "Check Point VPN-1 Gateway Next Generation (NG) is a tightly integrated software solution combining the FireWall-1® security suite with sophisticated VPN technologies. With Check Point’s Secure Virtual Network architecture, VPN-1 Gateway NG meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, satellite offices, and key partners."
233	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust TruePass Applet Cryptographic Module (Version 6.0) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/19/2002; 06/28/2002; 07/18/2002	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT4.0 (SP3); Windows 95/98; Windows 2000 (SP2) and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1; vendor affirmed) -Other algorithms: DES (Cert. #130); CAST 128 Multi-chip standalone "The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
232	Sigaba Corporation 1875 South Grant Road Suite 500 San Mateo, CA 94402 USA -Sayan Chakraborty TEL: 650-572-6117 FAX: 650-572-6101	Sigaba Gateway (Software version 3.0.20-FIPS) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/19/2002; 07/18/2002	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT4 SP6 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #94); SHA-1 (Cert. #78); DSS (Cert. #56); HMAC-SHA-1 (Cert. #78, vendor affirmed) -Other algorithms: AES; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Sigaba Gateway ensures the confidentiality, integrity and authenticity of all email sent over the Internet. Sigaba Gateway resides between an organization's email server and firewall. It encrypts outbound messages and decrypts inbound messages based on organization-defined policies. It uses a key server to retrieve a unique key to individually encrypt each outgoing message and decrypt each incoming message. The Sigaba Gateway works with any authentication mechanism."
231	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dennis Joyce TEL: 813-288-7388	AirFortress Wireless Security Gateway Cryptographic Module (Versions 2.0 and 2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	06/19/2002; 07/26/2002	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed); AES (Cert. #14) -Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA Multi-chip standalone "The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
230	Motorola, Inc 1301 E Algonquin Road Schaumburg, IL 60196 USA -Arun Victor TEL: 847-538-5221 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version 8482867Y02 rev. B, Software Version R3.51.06) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/19/2002	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades. This version of the product supports AES in addition to other FIPS approved algorithms."
229	Motorola, Inc 1301 E Algonquin Road Schaumburg, IL 60196 USA -Arun Victor TEL: 847-538-5221 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version 8482867Y02 rev. B, Software Version R3.51.01) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/19/2002	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
228	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 400 SCSI and nForce 150 SCSI (Firmware version 1.77.100; Hardware versions nC3022W-400 and nC3022W-150, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
227	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 300 PCI and nForce 150 PCI (Firmware version 1.77.100; Hardware versions nC3022P-300 and nC3022P-150, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Physical Security: Level 3 -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
226	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 300 SCSI, nForce 150 SCSI and nForce 75 SCSI (Firmware version 1.77.100; Hardware versions nC3021S-300, nC3021S-150 and nC3021S-75, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
225	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield 300 SCSI, nShield 150 SCSI and nShield 75 SCSI (Firmware version 1.77.100; Hardware versions nC3031S-300, nC3031S-150 and nC3031S-75, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Key Management: Level 3* *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nShield range of tamper resistant Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
224	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI and nShield F2 Ultrasign PCI (Firmware version 1.77.100; Hardware versions nC4022P-300 and nC4022P-150, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Physical Security: Level 3 -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
223	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI and nShield F2 Ultrasign SCSI (Firmware version 1.77.100; Hardware versions nC4022W-400 and nC4022W-150, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
222	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI and nShield F3 Ultrasign PCI (Firmware version 1.77.100; Hardware versions nC4032P-300 and nC4032P-150, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Key Management: Level 3* *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
221	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI, nShield F3 Ultrasign SCSI and payShield (Firmware version 1.77.100; Hardware versions nC4032W-400 and nC4032W-150, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/05/2002; 07/22/2002; 10/04/2002; 01/23/2004; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Key Management: Level 3* *When operated in FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions. payShield meets the stringent security requirements of the online payments industry and speeds up cryptographic processing through its secure, tamper resistant hardware and dedicated cryptographic processors. In addition to generic cryptographic functions, payShield supports a number of payments specific protocols and functions which provide support for 3-D Secure, EMV and PIN processing."
220	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XPplus (Hardware Versions: 1 and 2, Firmware Version 3.97) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	05/28/2002; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "Luna XPplus, Luna XL/XLR and XL/XLR Premium are cryptographic modules based on a board that is equivalent to two Luna CA3 tokens with hardware cryptographic acceleration support. The XL/XLR is configured as a Level 2 stand-alone module. The XPplus and XL/XLR Premium operate as subordinate devices in conjunction with a Luna CA3 token. Each module can support all cryptographic algorithms listed in Appendix A of the Luna XPplus, XL/XLR and XL/XLR Premium Security Policy."
219	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151 USA -Antoine Kelman TEL: 703-263-0100 FAX: 703-263-7134	CosmopollC V4 Smart Card with ActivCard Applets (Hardware Version: CosmpollC V4, Software Configurations CAC01-D904 and CAC02-D906) (Certificate 219a supersedes and replaces Certificate 219) Validated to FIPS 140-1 Security Policy Certificate	Hardware	05/28/2002; 12/12/2002; 12/20/2002; 02/27/2004; 03/30/2004; 09/23/2005	Overall Level: 2  -Software Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #87); SHA-1 (Cert. #75); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #148); Single-chip "The Oberthur Card Systems CosmopolIC product is a highly secure and powerful multi-application Java Card platform for smart card. With a better management of memory (ROM and EEPROM), it offers more space for the development of e-commerce, m-commerce, payment (Debit/ Credit), network access, pay-TV, loyalty and many other applications including WAP."
218	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XLR Premium (Hardware Versions: LXL-002-101 and LXL-003-001, Firmware Version 3.96) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/30/2002; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "Luna® XLR Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Combining the Luna® XLR with the proven Luna® CA3 cryptographic token, the Luna® XLR Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
217	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XLR (Hardware Versions: LXL-002-101 and LXL-003-001, Firmware Version 3.96) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/30/2002; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "Luna® XLR provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Luna® XLR offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
216	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XL Premium (Hardware Version: LXP-002-101, Firmware Version 3.96) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/30/2002; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "Luna® XL Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a desktop form factor. Combining the Luna® XL with the proven Luna® CA3 cryptographic token, the Luna® XL Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
215	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XL (Hardware Version: LXP-002-101, Firmware Version 3.96) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/30/2002; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed) -Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "Luna® XL provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems. Luna® XL offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, improves system performance."
214	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® CA³ (Hardware Versions: 1 and 2, Firmware Versions 3.97 and 3.102) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/30/2002; 04/05/2004; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #13); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption); Multi-chip standalone "The Luna® CA³ token securely stores data and keying material inside its cryptographic boundary. It also performs cryptographic operations on data provided by external applications using the keying material stored in the token. These abilities are defined as key management, object management, and cryptographic capability."
213	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 572-434-2001	DiamondPak (Part Number DP600, Hardware Version 2020, Software Versions 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/16/2002; 04/16/2002; 08/08/2002; 02/25/2003; 04/08/2005	Overall Level: 1  -Roles and Services: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63) -Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "DiamondPak™ is a rack-mounted network appliance for protecting multiple servers with each server protected by a dedicated self-protecting DiamondTEK™ security computer enforcing a single security profile."
212	Gemplus Corp. and ActivCard Inc. Avenue du Pic de Bretagne BP 100 Gémenos Cedex, 13881 France -Lus Astier TEL: +33 (0) 4 42 36 5000 -Eric Le Saint TEL: 510-745-0100 x6211	Gemplus GemXpresso Pro E64 PK - FIPS ICC with ActivCard Applet Suite (Hardware Version GP92, Software Versions GXP3-FIPS, GXP3-FIPS EI15, GXP3-FIPS EI15 with single ATR, and GXP3-FIPS EI19 with new ATR and fast ATR) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	04/10/2002; 07/26/2002; 07/15/2003; 10/30/2003; 01/19/2005	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1; vendor affirmed) -Other algorithms: DES (Cert. #155); Single-chip "The “GemXpresso Pro E64 PK – FIPS ICC with ActivCard Applet Suite” is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on platform-independent cryptographic applets developed by ActivCard. The card and applets provide authentication and digital signature cryptographic services to end-users."
211	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	VPN 3002-8E and VPN 3002 Hardware Client (Hardware Models 3002-8E and 3002; Firmware version: 3.1 FIPS) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/26/2002; 04/05/2002; 06/10/2002; 01/10/2003; 05/24/2005	Overall Level: 2  -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. 86); DSA (Cert. #54); SHA-1 (Cert. #73); HMAC/SHA-1 (Cert. #73; vendor affirmed); RSA (PKCS#1; vendor affirmed) -Other algorithms: DES (Cert. #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3002-8E Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
210	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Chris Romeo TEL: 919-392-0512	VPN 3000 Concentrator Series (Hardware models: 3005, 3015, 3030, 3060, 3080, Firmware version: 3.1 FIPS) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/26/2002; 01/10/2003; 05/24/2005	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #32 and #86); DSA/SHA-1 (Cert. #38); DSA (Cert. #54); SHA-1 (Cert. #73); RSA (PKCS#1; vendor affirmed); HMAC SHA-1 (Cert. #73; vendor affirmed) -Other algorithms: DES (Certs. #100 and #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco VPN 3000 Concentrator Series is a family of purpose-built, remote access Virtual Private Network (VPN) platforms and client software that incorporates high availability, high performance and scalability with the most advanced encryption and authentication techniques available today."
209	WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000	SecureDoc® Cryptographic Engine (Version 3.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	03/26/2002; 04/04/2002; 05/08/2002; 07/02/2007	Overall Level: 2  -Roles and Services: Level 3 -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Professional Workstation 5100 -FIPS-approved algorithms: Triple-DES (Cert. #7); SHA-1 (Cert. #76); AES (Cert. #1); Triple-DES MAC -Other algorithms: DES (Cert. #87); DES MAC; RIPEMD 160; AES MAC Multi-chip standalone "SecureDoc® Cryptographic kernel used in all of WinMagic’s SecureDoc® cryptographic products including the Disk Encryption application and the Central Database administration facility."
208	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	Pointsec 4.1 (Software version 4.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	03/21/2002; 03/28/2002; 06/18/2003; 04/29/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000, Windows 95 and NT Server/Workstation 4.0 (SP6a) -FIPS-approved algorithms: Triple-DES (Cert. #85) -Other algorithms: DES (Cert. #146); BLOWFISH; AES; CAST Multi-chip standalone "Pointsec version 4.1 employs hard disk encryption to guarantee that no users can access or manipulate information on an encrypted device, either from available files, erased files, or temporary files. Pointsec version 4.1 safeguards the operating system and the important system files (which often contain clues to passwords for Windows), shared devices, and the network."
207	Motorola, Inc. 8220 E. Roosevelt St. Scottsdale, AZ 85257 USA -Randy Morton TEL: 480-441-4472 FAX: 480-441-3580	Key Management Facility Crypto Card (KMF CC) (Hardware Issue O, Software Version R01.06) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	03/01/2002	Overall Level: 1  -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82) -Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA Multi-chip embedded "The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
206	Axalto Inc. 36-38 rue de la Princesse BP 45 78431 Louveciennes, France -Francisco Alcalde TEL: +33 1 3008 4685 FAX: +33 1 3008 4527	Cryptoflex 8K Smart Card (Hardware ST19CF68 revision B, Firmware v2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	02/27/2002; 09/21/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #67); SHA-1 (Cert. #61) -Other algorithms: RSA (non-compliant) Single-chip "Cryptoflex is a credit-card sized computer with a crypto-processor dedicated to security. Cryptoflex implements security industry functions based on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft."
205	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink ATM Encryptor (Hardware Versions 3.0 and 3.1, Cylink ATM Encryptor Models: 450-002-001, 450-002-002, 450-002-003, 450-002-004, 450-002-005, 450-002-006, 450-002-007, 450-003-001, 450-003-002, 450-003-003, 450-003-004, 450-003-005, 450-003-006, 450-003-007, 450-003-008 and 450-003-009, Firmware Versions 4.0 and 4.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/31/2002; 02/01/2002; 06/17/2002; 12/04/2003; 10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The Cylink ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The Cylink ATM Encryptor can be centrally controlled or managed across multiple remote stations using Cylink's PrivaCy Manager®, an SNMP-based security management system."
204	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Frame Encryptor II (SFE II) (Firmware Version 4.08, Hardware Version 16326-06(6B) and Firmware Version 4.09, Hardware Version 16826-06(2C)) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/31/2002; 04/11/2002; 07/18/2002; 12/17/2002; 12/27/2002; 07/03/2003; 10/19/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSS (Cert. #57); SHA-1 (Cert. #81) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SFE protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 4 Mbps and 1022 active secure connections."
203	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Frame Encryptor-L (SFE-L) and SafeEnterprise™ Frame Encryptor-H (SFE-H) (Firmware Version 4.08, Hardware Version 4B & 5B) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/31/2002; 04/11/2002; 07/18/2002; 07/03/2003; 10/19/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSS (Cert. #57); SHA-1 (Cert. #81) -Other algorithms: DES (Certs. #11 and #20); Diffie-Hellman (key agreement) Multi-chip standalone "The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-L supports Full-Duplex throughput of 256 Kbps traffic and 32 active secure connections.The SFE-H supports Full-Duplex throughput of 8 Mbps and 1022 active secure connections."
202	PrivyLink Pte Ltd 77 Science Park Drive #02-05/07 CINTECH III Singapore Science Park 1, 118254 Singapore -Daphne Tng TEL: (65) 882-0700 FAX: (65) 872-5490	TrustField™ Cryptographic Key Server, CKS Model 2000-J (Version T2000, Hardware Version 2A, Firmware Version 2.0) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/25/2002	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #62); ShA-1 (Cert. #53); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #123); Multi-chip standalone "TrustField™ Cryptographic Key Server (CKS) is a hardware security solution that offers a tamper-resistant environment for highly sensitive e-commerce transaction processing. It adds hardware-based security functionality to Internet, Intranet, Extranet, and enterprise applications such as Banking, e-Banking, Public Key Management for e-Commerce, and Secure e-Transaction."
201	Neopost Online, Inc. 3400 Bridge Parkway Suite 201 Redwood City, CA 94065 USA -Chandra Shah TEL: 650-620-3600	PROmail II (Simply Postage III) (Hardware Version: FAB 7480079; Software Version: 85) Validated to FIPS 140-1 Security Policy Certificate	Hardware	01/25/2002	Overall Level: 3  -Physical Secuirty: Level 3 +EFT -FIPS-approved algorithms: DSA/SHA-1 (Cert. #39) -Other algorithms: Multi-chip embedded "The Promail II is an electronic device developed by Neopost Online that stores revenue and dispenses it to a host computer, such as a PC compatible, under control and direction of a Neopost Online customer. The Promail II attaches to and communicates with the host computer via either a serial or USB interface. The revenue is dispensed from the Promail II in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular device at a particular point in time."
200	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Frame Encryptor-High Speed Serial Interface (SFE HSSI) (Firmware Version 4.08 and 4.09, Hardware Version 3) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/18/2001; 04/11/2002; 05/15/2002; 07/18/2002; 07/03/2003; 10/19/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "The SFE-HSSI protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-HSSI support full-duplex traffic throughput of between 56-256 kbps for 32-1022 secure connections. The SFE will achieve this throughput for the smaller frames as well (64 byte frames is a target)."
199	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00181 Finland -Alexey Kirichenko TEL: +358-9-2520-4548	F-Secure Cryptographic Service Provider DLL (Software Version: 1.1) (When operated in FIPS mode and using FIPS Approved algorithms and processes as listed) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	12/18/2001; 07/31/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 SP6 -FIPS-approved algorithms: Triple-DES (Cert. #68); DSA (Cert. #50); SHA-1 (Cert. #62); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #129); RSA Encryption/Decryption; IDEA; Blowfish; CAST-128; Rijndael; Arcfour; MD5; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; Diffie-Hellman (key agreement) Multi-chip standalone "The F-Secure Cryptographic Service Provider is a FIPS 140-1 Level 1 compliant software module, implemented as a 32-bit Windows™ NT compatible DLL, which provides a variety of cryptographic services and can be dynamically linked into applications by software developers to get access to general-purpose cryptographic functionality."
198	Mailroom Technology, Inc. 230 Long Hill Cross Road Shelton, CT 06484 USA -Richard Rosen TEL: 203-925-2571 FAX: 203-926-1628	SAFE CV 411, SAFE CV 412 and SAFE CV 413 (Software Versions 3.1.1, 3.3.2, 3.3.3 and 3.4.0; Hardware Versions 411, 412 and 413) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/14/2001; 06/21/2002; 09/01/2006; 04/26/2007	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
197	CTAM, Inc. 600 17th Street 600 17th Street Suite 950 South Denver, CO 80202 USA -Network Security Product Manager TEL: 720-359-1581	CypherCell ATM Encryptor (Hardware Version 3, Firmware Version 2.1.0) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/14/2001	Overall Level: 2  -Roles and Services: Level 3 -EMI/EMC: Level 3 -Key Management: Level 3 -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #78); SHA-1 (Cert. #68); RSA (PKCS#1 for signature, vendor affirmed) -Other algorithms: DES (Certs. #138 and #139); Multi-chip standalone "CypherCell is a hardware encryption product for Asynchronous Transfer Mode (ATM) networks. It supports multiple speeds with AC or DC Power"
196	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2621 Modular Access Router with Crypto Accelerator Card 2651 Modular Access Router with Crypto Accelerator Card (Hardware Versions: 2621 and 2651, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/BP, Hardware Version: 1.0, Board Rev; A0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38) -Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
195	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptor-T3 (SLE-T3) (Firmware Versions 3.00 and 3.01, Hardware Revision 16697-010-03) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 05/23/2002; 07/18/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement) Multi-chip standalone "The SLE-T3 secures public and private DS3/T3 data links at 44.7 MHz, encrypting data at the full data rate, and meeting the T3 industry standard. Both C-Bit and M13 framing are supported."
194	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	2621 Modular Access Router 2651 Modular Access Router (Hardware Versions: 2621 and 2651, Software Version: IOS 12.1(5)T) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26) -Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
193	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206 VXR Router with ISA Accelerator Card (Hardware: 7206, Software: IOS 12.1(9)E, ISA Accelerator: Hardware Version 1.0, Board Version B0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #17 and #76); SHA-1 (Certs. #26 and #66) -Other algorithms: DES (Certs. #74 and #136); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
192	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7206 VXR Router (Hardware: 7206 VXR, Software: IOS Version: 12.1(9)E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26) -Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
191	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7140 VPN Router with ISM Accelerator Card 7140 VPN Router with Dual ISA and ISM Accelerator Cards (7140: Hardware Version: 7140, Software: IOS 12.1(9)E; ISM Accelerator: Hardware Version: 1.0, Board Rev: AO 7140 Dual: Hardware Version: 7140, Software: IOS 12.1(9)E, ISM Accelerator: Hardware Version: 1.0, Board Version: AO; ISA Accelerator: Hardware Version 1.0, Board Version B0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 02/25/2002; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #17, #76 and #77); SHA-1 (Certs. #26, #66 and #67) -Other algorithms: DES (Certs. #74, #136 and #137); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
190	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	7140 VPN Router (Hardware Version: 7140, Software Version: IOS 12.1(9)E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26) -Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
189	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	3640 VPN Router with Crypto Accelerator Card 3660 VPN Router with Crypto Accelerator Card (3640: H/W Version: 3640, IOS Version: 12.1(5)T, Accelerator Card: NM-VPN/MP, Hardware Version: 1.0, Board Rev: AO 3660: H/W Version: 3660, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/HP, Hardware Version: 1.0, Board Rev: AO) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38) -Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
188	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	3640 Modular Access Router 3660 Modular Access Router (Hardware Version: 3640 and 3660, Software Version: IOS 12.1(5)T) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	12/12/2001; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26) -Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
187	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 571-434-2001	DiamondLINK 10/100 (Hardware Version 2000, Software Versions 2.0.3, 2.0.8, 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/27/2001; 12/12/2001; 02/15/2002; 04/16/2002; 08/08/2002; 02/25/2003; 04/08/2005	Overall Level: 1  -Roles and Services: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63) -Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5 Multi-chip embedded "DiamondLink provides a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. It not only provides a high level of trust and data separation through the established end-to-end sessions, it additionally provides added levels of security by bringing firewall filtering functionality to the desktop. This module provides strong I&A with user selectable/dynamically downloaded security policies to the desktop."
186	Corsec Security, Inc. 10340 Democracy Lane Suite 201 Fairfax, VA 22030 USA -Matthew Appler TEL: 703-267-6050 FAX: 703-267-6810	CryptoFramework Validated to FIPS 140-1 Not Available Security Policy Certificate	Software	11/27/2001; 06/10/2002; 09/06/2002	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
185	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity Extranet Switch 4600 (Firmware Version 3.61.01, Hardware Version 4600) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/27/2001; 12/06/2001	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); 40-bit DES; RC4 (40-bit and 128-bit) Multi-chip standalone "The Contivity 4600 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 5 PCI expansion slots and dual 10/100 LAN ports, dual redundant power supplies and storage."
184	Algorithmic Research Ltd. 10 Nevatim Street Petach Tikva, 49561 Israel -Gadi Aharoni TEL: +972-3-927-9500 FAX: +972-3-923-0864	PrivateServer 3.0 and PrivateServer 3.1 ([Firmware Version 3.0, Hardware Versions 3.0] and [Firmware Version 3.1, Hardware Version 3.1]) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	11/27/2001; 12/13/2002; 02/10/2003; 07/15/2003	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #66); SHA-1 (Cert. #58); RSA digital signature (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert.#127); MD5; RSA (encryption); ISO9796; ARDFP; Diffie-Hellman (key agreement) Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. Contained within a secure, tamper-responsive steel case, the PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include strong cryptography using DES, triple-DES, and SHA-1, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
183	Motorola, Inc. 8220 East Roosevelt Street Scottsdale, AZ 85257 USA -Kerry Johns-Vano TEL: 480-441-4733 FAX: 480-441-3580	ASTRO Subscriber Universal Crypto Module (Firmware Versions: R05.00.02, R05.00.03, R05.00.12 and R05.00.13, Hardware Version: Issue O) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/19/2001; 02/07/2002; 10/04/2002; 10/21/2002; 01/06/2003	Overall Level: 1  -Roles and Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #82) -Other algorithms: DES (09/22/1995); DES-XL; DVI-XL; DVI-SPFL; DVP-XL Multi-chip embedded "Encryption modules used in Motorola Astro™ family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
182	Hasler, Inc. 19 Forest Parkway Shelton, CT 06484 USA -Richard Rosen TEL: 203-926-1087 FAX: 203-926-1628	SAFE CV 401 (Software Version 3.1.1 and 3.3.2, Hardware Version 401) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/09/2001; 06/21/2002	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
181	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022P-150 and nC3022P-300, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/09/2001; 01/23/2004	Overall Level: 2  -Roles and Services: Level 3* -Physical Security: Level 3 -Key Management: Level 3* -Software Security: Level 3 -Self Tests: Level 3* *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip embedded "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
180	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI and nShield F3 Ultrasign SCSI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	11/09/2001; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
179	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity Extranet Switch 2600 (Firmware version 3.60.45, Hardware Version 2600) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/30/2001; 12/06/2001	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit) Multi-chip standalone "The Contivity 2600 Extranet Switch provides up to 1000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 3 PCI expansion slots and dual 10/100 LAN ports."
178	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity Extranet Switch 1600 (Firmware version 3.60.45, Hardware Version 1600) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/30/2001; 12/06/2001	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit) Multi-chip standalone "The Contivity 1600 Extranet Switch provides up to 200 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides a PCI expansion slot and dual 10/100 LAN ports."
177	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust TruePass Applet Cryptographic Module (Version 5.2) (When operated in FIPS mode with FIPS validated browser services operating in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/30/2001; 11/15/2001; 06/28/2002; 07/18/2002	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows NT 4.0 SP3, Windows 95/98, Windows 2000 SP2 and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1, vendor affirmed) -Other algorithms: DES (Cert. #130); Multi-chip standalone "The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
176	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel v6.0 (Version 6.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	10/30/2001; 05/09/2002; 07/18/2002; 05/27/2003	Overall Level: 2  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server -FIPS-approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed) -Other algorithms: DES ((Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie Hellman; ECDSA (vendor affirmed; non-compliant) Multi-chip standalone "This module is used in the Entrust® family of products."
175	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 PCI and nShield F2 Ultrasign PCI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022P-150 and nC4022P-300, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2001; 01/23/2004	Overall Level: 2  -Roles and Services: Level 3* -Physical Security: Level 3 -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3* *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
174	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 PCI and nShield F3 Ultrasign PCI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032P-150 and nC4032P-300, Build standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2001; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip embedded "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
173	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna® XP plus (Version 3.9) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/11/2001; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #73); SHA-1 (Cert. #64); DSA (Cert. #51); RSA (vendor affirmed) -Other algorithms: DES (Cert. #134); RC2; RC4; RC5; CAST; CAST3; CAST5; HMAC-SHA1; HMAC-MD5; RSA (encryption/decryption); MD2; MD5; Diffie-Hellman -1024 (key agreement) Multi-chip standalone "Luna® XPplus offers hardware-accelerated signing, secure key management, and signature validation for high volume transaction applications such as transaction coordinators and OCSP (Online Certificate Status Protocol) responders. Luna® XPplus is a scalable, hardware security module for high-performance digital signing of e-business transactions in a FIPS 140-1 level 3-validated solution. The product operates in conjunction with Luna® CA³ root key protection systems leveraging ultimate private key integrity for high-volume digital signing applications. Luna® XPplus signing devices allow you to add signature processing throughput as needed."
172	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI and nShield F2 Ultrasign SCSI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/15/2001; 01/23/2004	Overall Level: 2  -Roles and Services: Level 3* -EMI/EMC: Level 3 -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3* *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
171	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 SCSI and nForce 400 SCSI (Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022W-150 and nC3022W-400, Build standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	10/15/2001; 01/23/2004	Overall Level: 2  -Roles and Services: Level 3* -Key Management: Level 3* -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3* *When operated in the FIPS mode -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
170	NetScreen Technologies, Inc. 805 11th Avenue Bldg. 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen 5XP (Hardware Revision 3010, Software Version ScreenOS 2.6.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	09/27/2001; 02/13/2003; 06/03/2003	Overall Level: 2  -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed) -Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC Multi-chip standalone "The NetScreen-5XP is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10Base-T Ethernet ports (trust and untrust), the NetScreen-5XP performs at near wire-speed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
169	NetScreen Technologies, Inc. 805 11th Avenue Bldg. 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen 500 (Hardware Revision 4110, Software Version ScreenOS 2.6.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	09/27/2001; 02/13/2003; 06/03/2003	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed) -Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC Multi-chip standalone "The NetScreen-500 is a purpose-built security system integrating stateful inspection firewall, VPN, and traffic management together in a compact system that only requires 2U of rack space. Designed for high performance, redundancy, manageability, and multiple security domains, the NetScreen-500 implements a modular design, it offers many of the compelling functionality of an appliance. In addition, there are redundant dedicated high availability ports, dedicated management port, 4 traffic module bays, and a programmable LCD."
168	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	LUNA® RA Secure Key Issuance HSM token (Firmware v3.9, Hardware v 1 and 2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/25/2001; 10/18/2004	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #74); Triple-DES MAC; DSA/SHA-1 (Cert. #13); RSA (vendor affirmed) -Other algorithms: DES (Cert. #32); DES MAC; HMAC-SHA-1; Diffie-Hellman (key agreement); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; CAST/CAST3/CAST5 (40 and 64 bit keys) Multi-chip standalone "The Chrysalis-ITS® LUNA RA Secure Issuance HSM token is a hardware-based, multiple-chip standalone module which is a delta production of the Chrysalis-ITS® LUNA 2 token (certificate #56, dated 08/08/1999). Like the LUNA 2, the LUNA RA is in the form of a PC card “token” based on the PCMCIA standard. The LUNA RA token offers secure key distribution, fast key generation and secure key backup functionality to increase security and reduce operational overhead. The Luna RA token is integral to the secure issuance of keys to smart cards, cable modems, mobile phones and other PKI-enabled devices."
167	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta Smart Card (Firmware Version: SPYCOS 2.01(FUP03), Hardware Version: SC410-G) (When operated in FIPS mode and using FIPS Approved algorithms and processes as listed) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/25/2001	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); DSA (SigGen, KeyGen Cert. #31); RSA (vendor affirmed) -Other algorithms: DES (Cert. #78); KEA (key exchange) Multi-chip standalone "The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
166	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta USB (Firmware Version: SPYCOS 2.01(FUP03), Hardware Version: USB110-GBL) (When operated in FIPS mode and using FIPS Approved algorithms and processes as listed) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	09/10/2001	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); DSA (SigGen, KeyGen Cert. #31); RSA (vendor affirmed); -Other algorithms: DES (Cert. #78); KEA (key exchange) Multi-chip standalone "The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple “plug and play” ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
165	Axalto Inc. 8311 North FM 620 Road Austin, TX 78726 USA -David Teo TEL: 512-257-3895 FAX: 512-257-3881 -David Wen TEL: 510-745-6215	SchlumbergerSema Cyberflex Access 32K with ActivCard Applets (Hardware PN 15006436 and 15008973, Firmware M256EPALP1_SI_9C_02 Softmask 7 version 2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	09/10/2001; 11/02/2001; 02/25/2002; 05/09/2003; 09/21/2004; 05/25/2006	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #57); SHA-1 (Cert. #65); RSA (Signature; PKCS #1; vendor affirmed) -Other algorithms: Single-chip "Cyberflex Access 32K with Applets, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 32K with Applets has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1. The Cyberflex Access 32K with Applets smart card is part of a range of highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications. The ActivCard applets add to the smart card platform the following services: cardholder authentication, digital signature, and secure data storage. The external interface provided by the applets is compliant with the smart card interoperability specification defined by the GSA."
164	Kasten Chase Applied Research, Ltd. 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Cyril Fernandes TEL: 905-238-6900 x3310 FAX: 905-212-2003	RASP Secure Modem (Hardware Version 1.5, Firmware Versions P539 and P539.2) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/23/2001; 08/01/2003	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2) -Other algorithms: KEA Multi-chip standalone
163	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C (Version 5.2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	08/15/2001; 08/27/2001; 01/04/2008	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #70); SHA-1 (Cert. #59); DSA (Cert. #49); RSA (ANSI X9.31 and PKCS#1 for Signature; vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #131); RSA Encryption; MD; MD5; HMAC SHA-1; HMAC MD5; AES (Rijndael); DESX; RC2; RC4; RC6; Elliptic Curve (F2&Fp); Elliptic Curve Encryption Scheme; Elliptic Curve Diffie-Hellman (key agreement); Bloom-Shamir; Diffie-Hellman (key agreement) Multi-chip standalone "The RSA BSAFE® Crypto-C Module version 5.2.1 is a software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. It provides a variety of cryptographic services to calling applications that are documented in RSA’s RSA BSAFE® Crypto-C Security Components for C Library Reference Manual. RSA BSAFE® Crypto-C is a C-language API available as a static library, a dynamic library and as source code."
162	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	CryptoSwift HSM (Hardware P/N 107316, Firmware Versions 5.6.27 and 5.6.28) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/15/2001; 08/27/2001; 11/19/2002; 10/18/2004	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #30); SHA-1 (Cert. #16); RSA (PKCS#1, vendor affirmed) -Other algorithms: DES (Cert. #43); RC4; MD5; HMAC MD5; HMAC SHA-1; RSA Encryption; DSA (non-compliant) Multi-chip embedded "The CryptoSwift HSM is for high-assurance applications requiring a high degree of physical security as well as optimal cryptographic processing performance. With its tamper active design, the evasive measures of the CryptoSwift HSM defeat physical attacks through detection and response to ensure the integrity and confidentiality of keying information. The key management features allow operators to backup or clone keys securely and easily. In addition, strong two-factor authentication is provided for Security Officers and Operators with the CryptoSwift HSM's trusted channel, a USB port with Rainbow Technologies iKey authentication solution."
161	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	iKey 2032 (Hardware versions (A and 909-23002) and 909-25001; Firmware version 0.6) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	08/03/2001; 09/21/2004; 10/18/2004; 01/11/2007	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); RSA (vendor affirmed) -Other algorithms: DES (Cert. #88); Triple-DES (vendor affirmed, non-compliant); Diffie-Hellman (key agreement) Multi-chip standalone "The iKey 2032 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 2032 specifically supports Public Key Infrastructure (PKI) needs by providing on-board cryptographic key generation; secure storage of key pairs and X.509 digital certificates; and performing digital signature signing operations on-board."
160	Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd. 28 Greg Chappell Drive Burleigh Heads, QLD 4220 Australia -Gerry Scott TEL: 916-677-2450 FAX: 916-677-2460	CSA8000 Cryptographic Adapter (Hardware Version: Revision G, Cprov Firmware Version 1.10) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	07/27/2001; 10/18/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #63); DSA (Cert. #47); SHA-1 (Cert. #55); RSA (PKCS #1 for Signatures; vendor affirmed) -Other algorithms: DES (Cert. #124); HMAC-SHA-1; RSA; CAST128; IDEA; AES (Rijndael); RC2; RC4; MD2; MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The Eracom CSA8000 Cryptographic Adapter is an intelligent PCI adapter card that provides a wide range of cryptographic functions with dedicated DES/3DES and RSA hardware accelerators. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
159	Avaya, Inc. 1500 Buckeye Drive Milpitas, CA 95035 USA -Kevin Johnson TEL: 408-321-4884 FAX: 408-404-1313	VSU-5000 and VSU-7500 (Hardware Version 02, Software Version 3.1.34) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/27/2001; 08/02/2002	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed) -Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
158	Avaya, Inc. 1500 Buckeye Drive Milpitas, CA 95035 USA -Kevin Johnson TEL: 408-321-4884 FAX: 408-404-1313	VSU-100/VSU-100R and VSU-2000 (Hardware Version 02, Software Version 3.1.34) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/27/2001; 08/02/2002	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed) -Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
157	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta USB (Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FGR) (When operated in FIPS mode and using FIPS Approved algorithms and processes as listed) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/17/2001	Overall Level: 2  -Roles and Services: Level 3 -EMI/EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Skipjack (Cert. #4); DSA (Cert. #31); RSA (vendor affirmed) -Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-Compliant); KEA (key exchange) Multi-chip standalone "The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
156	Hasler, Inc. 19 Forest Parkway Shelton, CT 06484 USA -Richard Rosen TEL: 203-926-1087 FAX: 203-926-1628	SAFE CV Lite (Software Version 1.4.14, Hardware Version 2.0) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/12/2001; 06/21/2002	Overall Level: 2  -Physical Security: Level 3 +EFP/EFT -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43) -Other algorithms: ElGamal Multi-chip embedded "The SAFE device is dsigned as a single electronic circuit board. The primary objective of the SAFE device is to protect funds and to apply respective access rules."
155	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: +44 1442 458617	Advanced Configurable Crypto Environment (ACCE) - L3 SV and BE (Firmware Version v2.1, Hardware Version 2710-G1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	07/05/2001; 07/18/2001; 07/22/2002; 10/04/2002; 04/21/2005	Overall Level: 3  -Physical Security: Level 3 +EFT -Software Security: Level 4 -Self Tests: Level 4 -FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36) -Other algorithms: DES (Certs. #82 and #92); DES MAC; MD5; RSA (PKCS1 and ISO9796); Diffie-Hellman (key agreement) Multi-chip embedded "The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
154	Blue Ridge Networks 14120 Parke Long Court Chantilly, VA 20151 USA -Tom Gilbert TEL: 703-631-0700 FAX: 703-631-9588	BorderGuard 3000 (Version 6.0) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/21/2001	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #57 and #58); SHA-1 (Cert. #49 and #50) -Other algorithms: DES (Cert. #119 and #120); NSC-1; IDEA; HMAC (MD5 and SHA-1); RSA; Diffie-Hellman (key agreement) Multi-chip standalone "A network security appliance for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
153	NetScreen Technologies, Inc. 805 11th Avenue Bldg. 3 Sunnyvale, CA 94089 USA -Lee Klarich TEL: 408-543-8209 FAX: 408-543-8200	NetScreen-100 (Sofware Version 2.6.1, Hardware Revision 4) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Hardware	06/15/2001; 02/13/2003; 06/03/2003	Overall Level: 2  -Roles and Services: Level 3 -Key Management: Level 3 -Module Interfaces: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44) -Other algorithms: DES (Cert. #114 and #115); RC2; RC5; MD5; RSA; HMAC; Diffie-Hellman (key agreement); Blowfish Multi-chip standalone "The NetScreen-100 is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that is optimized for the most demanding environments such as high traffic sites."
152	Tumbleweed Communications Corp. 700 Saginaw Drive Redwood City, CA 94063 USA -Ken Beer TEL: 650-216-2083	MMS Security Kernel (Version 4.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	06/13/2001	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Windows NT Version 4.0 (single user mode) -FIPS-approved algorithms: Triple-DES (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (vendor affirmed) -Other algorithms: DES (Cert. #46); MD2; MD5; RC2; RC5 Multi-chip standalone "The Tumbleweed Messaging Management System (MMS) is a suite of software products designed to allow organizations to apply content filtering and secure messaging policies on e-mail and Web traffic. All portions of the MMS use a shared set of cryptographic functionality called the MMS Security Kernel. The MMS Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of the MMS."
151	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeEnterprise™ Link Encryptor-High Speed Serial Interface (SLE-HSSI) (Firmware v2.1, Hardware Rev 3) Validated to FIPS 140-1 Security Policy Certificate	Hardware	06/04/2001; 07/18/2002; 07/03/2003; 10/19/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement) Multi-chip standalone "The SLE-HSSI secures data over high speed synchronous data links up to 52MHz, encrypting data at the full data rate, and meeting the HSSI industry standard. It contains the cryptographic module, which is the case containing all electronics, excluding the battery & its holder."
150	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 SCSI and nShield F3 Ultrasign SCSI (Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	05/23/2001; 01/23/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
149	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 150 PCI and nForce 300 PCI (Firmware version 3.2, Hardware versions nC3022P-150 and nC3022P-300) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	05/23/2001	Overall Level: 2  -Cryptographic Module Design: Level 3 -Roles and Services: Level 3* -Key Management: Level 3* -Module Interfaces: Level 3 -Finite State Machine Model: Level 3 -Software Security: Level 3 -Self Tests: Level 3* *(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.) -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI"
148	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01801-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 SCSI and nShield F2 Ultrasign SCSI (Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	05/23/2001; 09/14/2001; 01/23/2004	Overall Level: 2  -Cryptographic Module Design: Level 3 -Roles and Services: Level 3* -EMI/EMC: Level 3 -Key Management: Level 3* -Module Interfaces: Level 3 -Finite State Machine Model: Level 3 -Software Security: Level 3 -Self Tests: Level 3* *(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.) -FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
147	Attachmate Corporation 424 Wards Corner Road Loveland, OH 45140 USA -Karen M. Patterson TEL: 513-794-8187	CryptoConnect ES (Version 6.7) (For services provided by the FIPS-approved algorithms listed.) Validated to FIPS 140-1 Security Policy Certificate	Software	05/14/2001	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95, 98, and NT 4.0 Server SP3 or higher. (single-user mode) -FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18) -Other algorithms: DES (Cert. #46); Multi-chip standalone "CryptoConnect ES is an encryption option that provides encryption of all TCP data between sessions in Attachmate's Extra! Personal Client (TN3270, TN5250 or Telnet) and their respective host systems."
146	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: +44 1442 458617	Advanced Configurable Crypto Environment (ACCE) SV and BE (Firmware Version v2.1, Hardware Version 2640-G3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/23/2001; 07/18/2001; 07/22/2002; 10/04/2002; 04/21/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES MAC; Triple-DES (Certs. #24 and #25); DSA/SHA-1 (Cert. #36) -Other algorithms: DES (Certs. #82 and #92); DES MAC; RSA (PKCSI and ISO9796); MD5; Diffie-Hellman (key agreement) Multi-chip embedded "The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
145	SafeNet, Inc. 4690 Millennium Drive Santa Clara, Belcamp 21017 USA -Chris Holland TEL: 410-931-7500 FAX: 410-931-7524	NetHawk VPN (Firmware v2.1, Hardware Versions 01 and 03) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/23/2001; 07/18/2002; 10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Cert. #104); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "The Cylink NetHawk is a hardware-based, multiple-chip standalone Virtual Private Network (VPN) device that provides authenticated, encrypted network communications."
144	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta USB (Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FBK) (When operated in FIPS mode and using FIPS Approved algorithms and processes as listed) Validated to FIPS 140-1 Security Policy Certificate	Hardware	04/16/2001; 07/03/2001	Overall Level: 2  -Roles and Services: Level 3 -EMI / EMC: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Skipjack (Cert. #4); DSA (Cert. #31); RSA (vendor affirmed) -Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-Compliant); KEA (key exchange) Multi-chip standalone "The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
143	Algorithmic Research Ltd. 10 Nevatim Street Kiryat Matalon Petach Tikva, 49561 Israel -Peleg Atar TEL: 972-3-927-9500	PrivateWire Client (Version 3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate	Software	04/16/2001	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0. -FIPS-approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #38) -Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement) Multi-chip standalone "PrivateWire is a software product that enables secure communication between organizations and private users."
142	Algorithmic Research Ltd. 10 Nevatim Street Kiryat Matalon Petach Tikva, 49561 Israel -Peleg Atar TEL: 972-3-927-9500	PrivateWire Security Gateway (Version 3) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	04/16/2001; 07/15/2003	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0. -FIPS-approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #33) -Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement) Multi-chip standalone "PrivateWire is a software product that enables secure communication between organizations and private users."
141	V-ONE Corporation, Inc. 20250 Century Blvd. Suite 300 Germantown, MD 20874 USA -Sales TEL: 301-515-5200 FAX: 301-515-5280 -Citrix Systems, Inc. TEL: 801-816-3353	SmartPass FIPS Token (Versions 4.0 and 4.1) Citrix Extranet Client (Version 2.0) Validated to FIPS 140-1 Security Policy Certificate Vendor Product Link	Software	04/02/2001; 09/14/2001; 10/09/2001; 06/18/2003	Overall Level: 1  -Roles and Services: Level 2 -EMI / EMC: Level 3 -Software Security: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows98. -FIPS-approved algorithms: SHA-1 (Cert. #10); Triple-DES (Cert. #46) -Other algorithms: DES; MD5 Multi-chip standalone "V-ONE’s SmartPass (client) contains the same software-based cryptographic algorithms (3DES) utilized in all V-ONE products including its SmartGate and SmartGuard family of servers." "Citrix Systems, Inc. makes SmartPass available under a private label licensing agreement as their Citrix Extranet Client"
140	Ensuredmail, Inc. 1708 Lovering Avenue Suite 202 Wilmington, DE 19806 USA -Andrew Edelsohn TEL: 302-426-1185 FAX: 800-886-9062	Ensuredmail, v1.0 (Software version: 1.0) (The KEK is limited to keys derived from a hash of a six-character password.) Validated to FIPS 140-1 Security Policy Vendor Product Link	Software	03/29/2001; 05/20/2003	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95/98 and Windows 2000 (single-user mode). -FIPS-approved algorithms: Triple-DES (Cert.#42); SHA-1 (Cert. #44) -Other algorithms: Multi-chip embedded "Turnkey, enterprise software that enables two-way secure e-mail communication, even with attachments, without requiring the recipients to install any software."
139	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Frame Encryptor II (Firmware v4.05 and v4.06; Hardware Revision 6) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	03/14/2001; 05/09/2001; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
138	Novell, Inc. 1800 South Novell Place Provo, UT 84606 USA -Developer Support TEL: 801-861-7000	Novell International Cryptographic Infrastructure (NICI) Controlled Cryptographic Service (CCS) Client, v2.0 (Software version: 2.0) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Software	03/14/2001; 01/31/2006	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (single-user mode). -FIPS-approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); RSA (vendor affirmed) -Other algorithms: DES (Cert. #103); MD2; MD4; MD5; RC2; RC4; RC5; HMAC (MD5, SHA-1); RSA (encryption/decryption); Diffie-Hellman (key agreement) Multi-chip standalone "NICI is Novell's software-based cryptographic infrastructure for Novell products."
137	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Government Certifications Team TEL: 519-888-7465 x2921 FAX: 519-886-4839	BlackBerry 850/857 and BlackBerry 950/957 Cryptographic Kernel (Version 2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Firmware	03/01/2001; 06/03/2002; 08/24/2005	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #45); SHA-1 (Cert. #45) -Other algorithms: Multi-chip standalone "The BlackBerry crypto firmware v2.1, common to both the BlackBerry 850/857 and the BlackBerry 950/957, securely compresses and encrypts messages with Triple-DES. Following this procedure, the ciphertext is transmitted over the Internet to the recipient mail server. Upon receiving the message, the mail server decrypts and decompresses the ciphertext back to the original plaintext. The BlackBerry crypto firmware is messaging-system independent."
136	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Mr. Dennis Joyce TEL: 813-288-7388 x119 FAX: 813-288-7389	NetFortress® 10 / MAIP (Version 4.0 firmware) (When factory configured in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	01/18/2001	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34) -Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement); IDEA Multi-chip standalone "The NetFortress® 10 / MAIP is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
135	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	IJ25 Secure Metering Module (SMM) (Version D) Validated to FIPS 140-1 Security Policy	Hardware	01/18/2001; 10/03/2006	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #39) -Other algorithms: Multi-chip embedded "The module provides services to a tabletop mailing system designed primarily for the small office/home office environment. Features include manually inserted/removed mail; indicium printed at maximum of 1200 envelopes per hour; internal modem for remote re-crediting; scale interface; Memory Card interface to load slogans, scale rates and class indication; capacity for 10 slogans or advert images; ink jet technology."
134	PSI Systems, Inc. 247 High Street Palo Alto, CA 94301-1041 USA -Dr. Harry T. Whitehouse TEL: 650-321-2640 x112 FAX: 650-321-0356	Postal Cryptographic Coprocessor (Version 1.01) Validated to FIPS 140-1 Security Policy	Hardware	01/18/2001	Overall Level: 3  -Physical Security: Level 4 -Self Tests: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (Cert. #33) -Other algorithms: DES (Cert. #58); RSA Multi-chip embedded "This module provides the services to support high-speed, secure micro-transactions, including the production and verification of United States Postal Service Information-Based Indicia."
133	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	N18D Postage Meter (Hardware v. 4101508D; Software v. 6.1) Validated to FIPS 140-1 Security Policy	Hardware	01/16/2001; 10/03/2006	Overall Level: 2  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: SHA-1 (Cert. #41); DSA/SHA-1 (Cert. #42) -Other algorithms: DES (Certs. #106 and #107); Multi-chip embedded "The N18D module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet print-head, the module is capable of producing up to 180 envelopes per minute."
132	Neopost Online, Inc. 3400 Bridge Parkway Suite 201 Redwood City, CA 94065 USA -Chandra Shah TEL: 650-620-3600	Secure Metering Device / Series II (SMD-II) (Version: 2002, Hardware version A) Validated to FIPS 140-1 Security Policy	Hardware	01/16/2001	Overall Level: 2  -Physical Security: Level 3 +EFP/EFT -EMI / EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #40) -Other algorithms: Multi-chip standalone "The Secure Metering Device / Series 2 (SMD-II) is an electronic device developed by Neopost Online that securely loads, stores, and dispenses revenue. The SMD-II is designed to meet the applicable USPS IBIP specifications for postage meters. The SMD-II attaches to and communicates with the host computer via a serial interface. The revenue is dispensed from the SMD-II to the host computer in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular SMD-II at a particular point in time."
131	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ E1-120ohms and Link Encryptor NRZ T1 (Firmware versions 1.25, 1.26, 1.31 and 1.33; Hardware Rev. B) Validated to FIPS 140-1 Security Policy	Hardware	01/10/2001; 09/14/2001; 05/15/2002; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
130	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, v5.1 (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	12/20/2000; 07/18/2002	Overall Level: 2  -EMI/EMC: Level 3 -Operating System Security: Microsoft WindowsNT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server. -FIPS-approved algorithms: Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman Multi-chip standalone "This module is used in the Entrust® family of products."
129	nCipher Corporation Ltd. 500 Unicorn Park Dr Woburn, MA 01810-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield SCSI Ultrasign and nShield SCSI Cryptographic Accelerators (Firmware v1.77.100; Hardware versions nC4032W-400, 150) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
128	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nShield 300, nShield 150 and nShield 75 Cryptographic Accelerators (Firmware v1.77.100; Hardware nC3031S-300, 150, 75, Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
127	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce SCSI 400 and nForce SCSI 150 Cryptographic Accelerators (Firmware v1.77.100; Hardware versions nC3022W-400, 150) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU."
126	nCipher Corporation Ltd. 500 Unicorn Park Drive Woburn, MA 01810-3371 USA -Sales TEL: 800-NCIPHER FAX: 781-994-4001	nForce 300, nForce 150 and nForce 75 Cryptographic Accelerators (Firmware v1.77.100; Hardware nC3021S-300, 150, 75 Build Standard E) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/20/2000; 09/14/2001; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU."
125	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nForce 300, nForce 150 and nForce 75 Cryptographic Accelerators (Firmware v1.54.28; Hardware Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/20/2000; 03/01/2001; 03/09/2006; 03/15/2006	Overall Level: 2  -Roles and Services: Level 3* -Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement) Multi-chip standalone "The nCipher nFast/nForce/nShield range of hardware cryptographic accelerators increases server throughput in data security and electronic commerce applications such as: secure Web sites, financial transactions over the Internet, authenticated access to intranets and extranets, certification authorities and digital signatures, secure messaging including X.400/EDI."
124	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan C. Asenjo TEL: 888-744-4976 x6202 FAX: 954-888-6211	Datacryptor® 2000 (DC2K) X.25 / IP / ATM (Hardware Version Issue 2 and Issue 3 Motherboard; Software Version 3.1) (When key zeroization is enabled) Validated to FIPS 140-1 Security Policy Vendor Product Link	Hardware	12/07/2000; 01/08/2003; 05/19/2003; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #31); DSA/SHA-1 (Cert. #24) -Other algorithms: DES (Cert. #57); Diffie-Hellman (key agreement); Rijndael Multi-chip standalone "The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
123	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: +44 1442 458617	Advanced Configurable Crypto Environment - Security Processor (ACCE SP and ACCE SP2) (Hardware Version 1E, Firmware Versions: ACCE SP: v1.0 and v1.1 ACCE SP2: v2.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	12/07/2000; 11/05/2001; 11/09/2001; 12/04/2001; 07/22/2002; 10/04/2002; 04/21/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Certs. #23 and #24); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed) -Other algorithms: DES (Certs. #81 and #82); DES MAC; Diffie-Hellman (key agreement); MD5 Multi-chip embedded "The ACCE SP & SP2 provide highly-secure cryptographic services and key storage. They are used in a range of AEP Networks and OEM products along with an application (the single user of the module) to provide custom functionality. Example uses are the Europay NSP (ACCE SP) and Europay ESP (ACCE SP2) which were developed for Europay, a major European financial institution."
122	IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM 4758-013 PCI Cryptographic Coprocessor with CP/Q++ (Layer 2) (ID: P/N 04K9077 (FIPS 140-1 Cert. #81), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ v1.26) (When configured for DSS Authentication and using the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	11/15/2000	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #23) -Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant) Multi-chip embedded "The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed."
121	IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM 4758-001 PCI Cryptographic Coprocessor with CP/Q++ (Layer 2) (ID: P/N 04K9078 (FIPS 140-1 Cert. #35), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ version) (When configured for DSS Authentication and using the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	11/15/2000	Overall Level: 3  -Physical Security: Level 4 -Self Tests: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #23) -Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant) Multi-chip embedded "The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed."
120	Alcatel Managed IP Services 600 March Road 5T1 Kanata, Ontario K2K 2E6 Canada -Doug Wiemer TEL: 613-784-3146 FAX: 613-599-3617	TimeStep PERMIT/Gate™ 7520 series 20 and 30 / Alcatel 7137 (Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026) (When operated in FIPS-compliant "Secure" and "Minimum" modes) Validated to FIPS 140-1 Security Policy	Hardware	10/12/2000	Overall Level: 2  -Physical Security: Level 3. -FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21) -Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access."
119	Alcatel Managed IP Services 600 March Road 5T1 Kanata, Ontario K2K 2E6 Canada -Doug Wiemer TEL: 613-784-3146 FAX: 613-599-3617	TimeStep PERMIT/Gate™ 1520 series 50 / Alcatel 7132; TimeStep PERMIT/Gate™ 2520 series 40 and 50 / Alcatel 7133; TimeStep PERMIT/Gate™ 4520 series 40 and 50; and TimeStep PERMIT/Gate™ 4620 series 40 and 50 / Alcatel 7134 (Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026) (When operated in FIPS-compliant "Secure" and "Minimum" modes) Validated to FIPS 140-1 Security Policy	Hardware	10/12/2000	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21) -Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5 Multi-chip standalone "The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access."
118	IBM® Corporation 2455 South Rd Mail Station P371 Poughkeepsie, NY 12601 USA -Clark Norberg TEL: 845-435-6434	IBM eServer zSeries 900 CMOS Cryptographic Coprocessor (ID: IBM PN 09K1592) (When configured for External Key Entry) Validated to FIPS 140-1 Security Policy	Hardware	09/26/2000	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #28); DSA/SHA-1 (Cert. #37); RSA (internal use) -Other algorithms: DES (Cert. #98); Diffie-Hellman (key agreement); CDM; MDC-2; MDC-4; ANSI: X3106, X99, X919 Single-chip "Technology remap encryption module for the IBM eServer zSeries 900 system that provides improved throughput performance over the previous part numbers of the IBM S/390 CMOS Cryptographic Coprocessor (FIPS 140-1 cert. #40)."
117	IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM 4758-023 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1) (ID: PN 04K9036, EC C75600M, Miniboot 0 version A, Miniboot 1 version A) (When configured for DSS Authentication) Validated to FIPS 140-1 Security Policy	Hardware	09/18/2000; 08/08/2002; 09/23/2002	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -Cryptomodule Design: Level 4 -Module Interfaces: Level 4 -Roles& Services: Level 4 -Finite State Machine Model: Level 4 -Software Security: Level 4 -EMI/EMC: Level 4 -Self Tests: Level 4 -Key Mgmnt.: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #86); DES MAC; RSA Multi-chip embedded "The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
116	IBM® Corporation 2455 South Rd Mail Station P330 Poughkeepsie, NY 12601 USA -Barry Ward TEL: 845-435-4881 FAX: 845-435-5540	IBM 4758-002 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1) (ID: PN 04K9131, EC F72272D, Miniboot 0 version A, Miniboot 1 version A) (When configured for DSS Authentication) Validated to FIPS 140-1 Security Policy	Hardware	09/18/2000; 08/08/2002	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34) -Other algorithms: DES (Cert. #86); DES MAC; RSA Multi-chip embedded "The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as and as features in IBM eServer iSeries, pSeries, and zSeries servers."
115	Thales e-Security Meadow View House Crendon Industrial Estate Long Crendon Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800 FAX: +44 (0)1844 208550	Secure Generic Sub-System (SGSS) (Version 1.1) Validated to FIPS 140-1 Security Policy Vendor Product Link	Hardware	09/13/2000; 01/08/2003; 05/09/2003; 05/19/2003; 03/21/2005; 04/05/2005; 10/13/2005	Overall Level: 4  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #24) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure system initialization for a cryptographic device, such as the Datacryptor 2000, WebSentry and HSM products. The module contains a secure bootstrap and authenticates application-loading using the Digital Signature Algorithm (DSA)."
114	Technical Communications Corp. 100 Domino Drive Concord, MA 01742 USA -John I. Gill TEL: 978-287-5100	CipherX 7200 (Version 1.0) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/13/2000	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #13 and #14); SHA-1 (Cert. #29) -Other algorithms: DES (09/22/1995); Multi-chip standalone "The CipherX 7200 offers centrally managed end-to-end security that can seamlessly integrate into Internet Protocol (IP) Wide Area Networks (WANs) and Local Area Networks (LANs) providing secure Virtual Private Network (VPN) solutions. The Cipher X 7200 supports encryption, authentication, firewall and secure community capabilities to enable flexible transparent end-to-end network security."
113	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink ATM Encryptor (Software versions 4.0 and 4.1; Hardware version 2.0) Validated to FIPS 140-1 Security Policy	Hardware	09/13/2000; 06/17/2002; 12/04/2003; 10/18/2004	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip standalone "Cylink ATM Encryptors secure sensitive data transmitted over high-speed ATM networks. The system supports full wirespeed encryption at data rates from 1.5Mbps to 622 Mbps over public and private networks."
112	AEP Networks Focus 31, West Wing Cleveland Road New Hempstead, Herts HP2 7BW United Kingdom -David Miller TEL: +44 1442 458617	Advanced Configurable Crypto Environment (ACCE) (Firmware version 1, Releases 3G1 and 3G2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/08/2000; 07/18/2001; 07/22/2002; 10/04/2002; 04/21/2005	Overall Level: 4  -FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed) -Other algorithms: DES (Cert. #92); DES MAC; Diffie-Hellman (key agreement); MD5 Multi-chip embedded "The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family. There are two versions available: Version 1.3G1 will power-down and zeroize the SMK if the module's temperature exceeds the specified operational temperature range. Version 1.3G2 will power-down and zeroize the SMK when the specified operational temperature is exceeded, and zeroize the IMK when the storage temperature is exceeded."
111	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1955B Java™-powered Cryptographic iButton™ (Version 1.11) (When using vendor-configured with the FIPS 140-1 Applet) Validated to FIPS 140-1 Security Policy	Hardware	08/30/2000	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: SHA-1 (Cert. #36) -Other algorithms: Multi-chip standalone "The Dallas Semiconductor 1955 Java-Powered Cryptographic iButton, when operated in FIPS mode, provides SHA-1 hashing, identity-based challenge-response authentication, statistical random number generator tests, and a SHA-1 known answer test. When not operated in FIPS mode, the device provides more cryptographic services such as a high-speed math accelerator for 1024-bit public key cryptography. The module's single silicon chip is encased in a stainless steel button which is rugged enough to withstand harsh outdoor environments."
110	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Outlook Cryptographic Provider (EXCHCSP) (Version SR-1A (3821)) Validated to FIPS 140-1 Security Policy	Software	08/15/2000; 10/15/2007	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode). -FIPS-approved algorithms: Triple-DES (Cert. #18); SHA-1 (Cert. #32); RSA (vendor affirmed) -Other algorithms: DES (Cert. #91); DES MAC; RC2; MD2; MD5 Multi-chip standalone "The Microsoft Outlook Cryptographic Provider (EXCHCSP) is a FIPS 140-1 Level 1 compliant general-purpose software-based cryptographic module. EXCHCSP encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-1 Level 1 compliant cryptography."
109	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Secure Integrated VPN (3640, 7140, and 7206 Module Access Routers w/ IOS V12.1(1)T software) (When configured in a FIPS mode of operation) Validated to FIPS 140-1 Security Policy	Hardware	08/01/2000; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26) -Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco 3640, 7140, and 7206 Secure Integrated VPNs are routers that provide data protection on a network providing packet encryption. The modules perform all of the functions of a typical router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules, providing a secure connection at the packet level."
108	L-3 Communication Systems One Federal Street Camden, NJ 08102 USA -privatel@L-3com.com TEL: 877-628-3694	Privatel™ Model 960v (Model 960v (Part Number: K10047665, Software version v6.01) and (Part Number: K10047665-503, Software version v7.10)) Validated to FIPS 140-1 Security Policy	Hardware	08/01/2000; 09/18/2000; 04/21/2005	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Cert. #20); SHA-1 (Cert. #33) -Other algorithms: Session Key Development Algorithm (SKDA) Multi-chip standalone "The Privatel(TM) Model 960v provides security for voice telephony applications. The Privatel(TM) product is an applique to an existing office telephone that provides voice coding, traffic encryption, key management, and modem functions. The module uses the strongest commercially-available cryptography, which provides end-to-end secure communications that protect telephone conversations from eavesdropping and unauthorized monitoring and recording, displaying a unique Key Fingerprint during every secure session."
107	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Frame Encryptor CFE-H and Frame Encryptor CFE-L (Firmware v4.05 and v4.06; Hardware revisions 4 and 5) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	07/31/2000; 03/12/2001; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 3  -Module Interfaces: Level 3* -Roles and Services: Level 3* *(Level 3 - Console interface disabled; Level 2 - Console interface enabled.) -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #20); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
106	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Kernel Mode Cryptographic Module (FIPS.SYS) (Version 5.0.2195.1569) Validated to FIPS 140-1 Security Policy	Software	07/31/2000; 10/15/2007	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode). -FIPS-approved algorithms: Triple-DES (Cert. #16); SHA-1 (Cert. #35) -Other algorithms: DES (Cert. #89); Multi-chip standalone "Microsoft's Kernel Mode Cryptographic Module (FIPS.SYS) is a general-purpose, software-based cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography."
105	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232 (Firmware versions 1.27, 1.31 and 1.33) Validated to FIPS 140-1 Security Policy	Hardware	07/31/2000; 09/14/2001; 05/15/2002; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
104	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ-H and Link Encryptor NRZ-L (Firmware versions 1.27, 1.31 and 1.33) Validated to FIPS 140-1 Security Policy	Hardware	07/31/2000; 09/14/2001; 05/15/2002; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
103	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider ((Base DSS: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]), (Base: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3]), (DSS/DH Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]), (Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3])) (For services provided by the listed FIPS-Approved algorithms) Validated to FIPS 140-1 Security Policy	Software	07/10/2000; 12/14/2001; 07/31/2002; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 SPx (operated in single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed) -Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5 Multi-chip standalone "These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
102	Cryptek, Inc. 1501 Moran Road Sterling, VA 20166 USA -Timothy Williams TEL: 571-434-2000 FAX: 571-434-2001	DiamondNIC and DiamondLINK (Software v1.2 and v1.2.2; Hardware v1.000) Validated to FIPS 140-1 Security Policy	Hardware	07/10/2000; 11/20/2000; 02/15/2002	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: Triple-DES (Cert. #10); SHA-1 (Cert. #30) -Other algorithms: DES; Diffie-Hellman (key agreement); MD5; KPDK_MD5 Multi-chip embedded "DiamondNIC and DiamondLINK provide a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. They not only provide a high level of trust and data separation through the established end-to-end session, they additionally provide added levels of security by bringing firewall filtering functionality to the desktop. These modules provide strong I&A and user selectable/dynamically downloaded security policies to the desktop."
101	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954B-007 Cryptographic iButton™ (ID: B9-V1.02) (When using vendor-initialized SHA-1 in transaction group 1) Validated to FIPS 140-1 Security Policy	Hardware	06/22/2000	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone "Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
100	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dr. Stephen Kovacs TEL: 813-288-7388 x119 FAX: 813-288-7389	NetFortress® 10 (Version 4.0 firmware) (When factory configured in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	06/22/2000	Overall Level: 2  -Software Security: Level 3. -FIPS-approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34) -Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement) Multi-chip standalone "The NetFortress® 10 is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
99	Cisco Systems, Inc. 7025-6 Kit Creek Road PO Box 14987 Research Triangle Park, NC 27709-4987 USA -Michael Soto TEL: 408-902-8125	Cisco Secure Integrated VPN (2621 Module Access Router w/ IOS V12.1(1)T software) (When configured in a FIPS mode of operation) Validated to FIPS 140-1 Security Policy	Hardware	06/13/2000; 06/22/2000; 01/10/2003; 05/24/2005	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26) -Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "The Cisco 2621 Modular Access Router supports the full IOS feature set including advanced security features such as Virtual Private Network (VPN) Access and integrated Firewall protection. The Cisco 2621 supports multiple encrypted tunnels using Cisco IOS IPSec and DES/3DES encryption."
98	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Jonathan Lewis TEL: 978-288-8590 FAX: 978-288-4004	Contivity Extranet Switch (Firmware version 2.60, 4500 Hardware) (When operated in the 'FIPS-enabled' mode using FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	05/23/2000; 09/20/2001; 12/06/2001	Overall Level: 2  -FIPS-approved algorithms: SHA-1 (Cert. #31); Triple-DES (DES Cert. #47) -Other algorithms: DES (Cert. #47); RSA; RC4; MD5 Multi-chip standalone "The Contivity 4500 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. 5 PCI expansion slots, dual 10/100 LAN ports, dual redundant power supplies and storage, unlimited IPSEC client licenses."
97	Stamps.com 3420 Ocean Park Blvd. Suite 1040 Santa Monica, CA 90405 USA -Craig Ogg TEL: 310-581-7200 FAX: 310-581-7500	Postage Server Cryptomodule (Versions 1.01 and 1.02) Validated to FIPS 140-1 Security Policy	Hardware	05/18/2000	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #23, 27); Triple-DES (Cert. #2) -Other algorithms: DES (Certs. #58 and #69); RSA; Diffie-Hellman (key agreement) Multi-chip embedded "The module provides the services to support high-speed, highly secure E-commerce transactions, including the production and verification of United States Postal Service Information-Based Indicia."
96	Pitney Bowes, Inc. 35 Waterview Dr Shelton, CT 06484 USA -David Riley TEL: 203-924-3500 FAX: 203-924-3385	ClickStamp™ Online Client Cryptographic Module (CCM) (Version 0.3.60A) Validated to FIPS 140-1 Security Policy	Software	05/18/2000	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 with Microsoft Windows95/98, WindowsNT Workstation 4.0 w/SP3 or later (single-user mode). -FIPS-approved algorithms: SHA-1 (Cert. #27); Triple-DES (Cert. #3) -Other algorithms: DES (Cert. #83); Multi-chip standalone "The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
95	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	Rosetta Smart Card (Version 2.01) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	05/08/2000	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Skipjack (Cert. #4); DSA (DSA/SHA-1 Cert. #31) -Other algorithms: DES (Cert. #78); Triple-DES; KEA (primitives only); RSA Single-chip "The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
94	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Hazem Hassan TEL: 952-808-2372 FAX: 952-890-2726	SignaSURE Model 330 Smart Card (Version 1.0) (When using the 'FIPS-mode Configuration File') Validated to FIPS 140-1 Security Policy	Hardware	05/08/2000; 02/22/2005	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); Triple-DES (DES Cert. #88, vendor affirmed); RSA/SHA-1 (vendor affirmed) -Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement) Single-chip "The SignaSURE Model 330 Smart Card is a complete public key cryptographic module that is ISO 7816 compliant. This module supports PKI with a highly efficient cryptographic co-processor and the DKCCOS v2.0 smart card OS. The OS is extensible and allows new algorithms to be added."
93	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, v5.0 and v5.0a (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	04/20/2000; 07/18/2002	Overall Level: 2  -EMI/EMC: Level 3 -Operating System Security: Level 2 for Microsoft WindowsNT 4.0 with SP6a (TCSEC C2-rated on a Compaq ProLiant 7000 Server). -FIPS-approved algorithms: Triple-DES (Cert.#6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; Diffie-Hellman (key agreement) Multi-chip standalone "This module is used in the Entrust® family of products."
92	SafeNet, Inc. 4690 Millennium Drive Belcamp, MA 21017 USA -Rick DeFelice TEL: 410-931-7500 FAX: 410-931-7524	SafeNet CGX (Crypto Graphic eXtensions) Library (Software v1.14, v1.15 and v1.16) (For services provided by the FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy	Software	04/07/2000; 11/20/2000; 07/02/2002; 10/19/2004	Overall Level: 1  -EMI/EMC: Level 3 -Software Security: Level 3; -Self Tests: Level 4; -Operating System Security: Tested as meeting Level 1 when using Windows95/98, WindowsNT Workstation 4.0 w/ SP 3 or later (single-user mode). -FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30) -Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP."
91	SafeNet, Inc. 4690 Millennium Drive Belcamp, MA 21017 USA -Rick DeFelice TEL: 410-931-7500 FAX: 410-931-7524	SafeNet CGX (Crypto Graphic eXtensions) Library (Software v1.14, v1.15 and v1.16) (For services provided by the FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy	Software	04/07/2000; 11/20/2000; 07/02/2002; 10/18/2004	Overall Level: 2  -EMI/EMC: Level 3 -Software Security: Level 3; -Self Tests: Level 4; -Operating System Security: Tested as meeting Level 2 when using Compaq DeskPro 6400 w/ WindowsNT Workstation 4.0, SP3 (ITSEC-certified). -FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30) -Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement) Multi-chip standalone "The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP."
90	Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 USA -Security Evaluations Manager TEL: +44 118 9243860 FAX: +44 118 9243171	Oracle® Advanced Security (Software Version 8.1.6) (When operated in FIPS mode using the FIPS approved algorithms [listed in the description column]) Validated to FIPS 140-1 Security Policy	Software	03/21/2000; 04/04/2002; 07/07/2003	Overall Level: 2  -Operating System Security: Tested as meeting Level 2 with Sun Solaris Version 2.6SE running on a Sun Ultra SPARC-1 workstation. -FIPS-approved algorithms: SHA-1 (Cert. #18) -Other algorithms: DES (Cert. #52); RC4; MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Oracle® Advanced Security is a comprehensive suite of security features for distributed environments. It provides a single source of integration with network encryption, authentication, and single sign-on services, delivers PKI solutions and integrates with LDAP directories. Oracle® Advanced Security is an option available with Oracle8i™ Enterprise Edition."
89	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	BSAFE Crypto-C Toolkit, Version 4.31 (Software version 4.31) (For services provided by the listed FIPS-approved algorithms listed [in the description column]) Validated to FIPS 140-1 Security Policy	Software	03/21/2000; 01/04/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 (single-user mode). -FIPS-approved algorithms: Triple-DES (DES Cert. #46, vendor affirmed); SHA-1 (Cert. #18); RSA (vendor affirmed) -Other algorithms: DES (Cert. #46); RSA (encrypt/decrypt), MD2, MD5, HMAC, DESX, RC2, RC4, Elliptic Curve (F2&Fp), Elliptic Curve Encryption Scheme, Elliptic Curve DSA; Bloom-Shamir Multi-chip standalone "Cryptographic Toolkit provides cryptographic services to calling applications."
88	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	Key Management Facility / Radio Network Controller (KMF/RNC) Encryption Module Controller (EMC) (Version R3.0A; Firmware Version R02.23.00) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	02/23/2000	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #73); DES-XL, DVI-XL, DVP-XL, DVI-SPFL Multi-chip standalone "The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
87	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nShield 300, nShield 150 and nShield 75 Cryptographic Accelerators (Firmware v1.54.28; Hardware Build Standard D) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	01/18/2000; 03/01/2001; 03/09/2006; 03/15/2006	Overall Level: 3  -Roles and Services: Level 3* -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #24, vendor affirmed); RSA (vendor affirmed) -Other algorithms: DES (Cert. #24); DES MAC; CAST, HMAC, Triple-DES MAC, ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone
86	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO-TAC Digital Interface Unit (DIU) Encryption Module Controller (EMC) (Hardware v. 3.0A; Firmware v. 6.9 & 7.1) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	01/05/2000	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: -Other algorithms: DES (Cert.#73); DES-XL, DVP-XL, DVI-XL, DVI-SPFL Multi-chip standalone "The ASTRO DIU provides an interface between an analog console and an ASTRO base station or ASTRO-TAC comparator for ASTRO clear and analog two-way radio communications. The DIU EMC is available as an option with ASTRO DIUs to provide encryption capability. The DIU will then support ASTRO encrypted two-way radio communications."
85	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, v5.0 (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	01/07/2000; 07/18/2002	Overall Level: 1  -EMI/EMC: Level 3 -Roles & Services: Level 2 -Physical Security: Level 2 -Operating System Security: Level 1 for Microsoft Windows95/98, WindowsNT 3.5 and 3.51, and WindowsNT 4.0 with SP3, SP4, SP5, or SP6 (single user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); Triple-DES (DES Cert.#56, vendor affirmed) -Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; D-H key agreement Multi-chip standalone "This module is used in the Entrust family of products."
84	Pitney Bowes, Inc. 35 Waterview Dr Shelton, CT 06484 USA -David Riley TEL: 203-924-3500 FAX: 203-924-3385	ClickStamp™ Online CCV (ID: CCV assembly, ClickStamp™ Online CCV 1.40.5 and 1.40.23; KMS, K180034-AAA; IBM 4758-001 Cert. #35) Validated to FIPS 140-1 Security Policy	Hardware	12/22/1999; 08/21/2001	Overall Level: 3  -Physical Security: Level 4 +EFP/EFT -FIPS-approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (vendor affirmed) -Other algorithms: DES (Cert. #58); RSA Multi-chip embedded "The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
83	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232 (Firmware versions 1.25 and 1.26) Validated to FIPS 140-1 Security Policy	Hardware	12/22/1999; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5); Triple-DES (DES Certs. #11 and #26, vendor affirmed) -Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
82	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO Subscriber Encryption Module (Software versions 3.40, 3.43, 3.44, 3.46, 3.47 and 3.53a) (When operated in FIPS mode by selecting the DES algorithm Universal Crypto Module (UCM), (v3.44)) Revoked DES Transition Ended Security Policy	Hardware	12/22/1999; 03/30/2001; 08/17/2001; 10/04/2001; 05/15/2002; 09/10/2002	Overall Level: 1  -Roles & Services: Level 2 -Software Security: Level 3 -FIPS-approved algorithms: Triple-DES (vendor affirmed) -Other algorithms: DES; DES-XL, DVP-XL, DVI-XL, DVI-SPFL Multi-chip embedded "Encryption modules used in Motorola Astro™ Saber, Astro™ Spectra, Astro™ Consolette, and XTS3000 radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
81	IBM® Corporation 2455 South Rd Mail Station P339 Poughkeepsie, NY 12601-5400 USA -Helmy El-Sherif TEL: 845-435-7033 FAX: 845-435-4092	IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1) (ID: PN IBM 4758-013, Miniboot 0 version B, Miniboot 1 version B) Validated to FIPS 140-1 Security Policy	Hardware	11/29/1999	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -Cryptomodule Design: Level 4 -Module Interfaces: Level 4 -Roles& Services: Level 4 -Finite State Machine Model: Level 4 -Software Security: Level 4 -EMI/EMC: Level 4 -Self Tests: Level 4 -Key Mgmnt.: Level 4 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #16); Triple-DES (vendor affirmed) -Other algorithms: DES (Cert. #41); RSA Multi-chip embedded "The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software."
80	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954B-006 Cryptographic iButton™ (ID: B7-V1.02) (When using vendor-initialized SHA-1 in transaction group 1 NOTE: This validation supersedes validation certificate #63.) Validated to FIPS 140-1 Security Policy	Hardware	11/29/1999	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone "Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
79	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Jennifer Mitchell TEL: 847-576-7251	KVL 3000 (Hardware version CLN6738B; Firmware version R02.50.00) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	11/29/1999	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #5); DES-XL, DVP-XL, DVI-XL, DVI-SPEL Multi-chip standalone "The KVL3000 Key Variable Loader is a battery-powered portable unit used to create, store, and transfer encryption keys used by Motorola's secure communications products. The KVL3000 supports the following Motorola encryption protocols: SECURENET(TM), Advanced SECURENET(TM), ASTRO(TM), and ASTRO(TM)25 systems."
78	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Privacy Card (Hardware version 2.0; firmware version 1.2) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	11/29/1999	Overall Level: 2  -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1); Triple-DES (vendor affirmed) -Other algorithms: DES (Cert. #50); RSA, Diffie-Hellman (key agreement), KEA, MD5 Multi-chip standalone "The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
77	Attachmate Corporation 424 Wards Corner Road Loveland, OH 45140 USA -Bill Evans TEL: 513-794-8140	CryptoConnect ETS (Version 2.2.1) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Software	11/29/1999	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows95, Windows98, and WindowsNT 4.0, with SP3 or later (single- user mode). -FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18) -Other algorithms: DES (Cert. #46); RSA (encryption), RC2, RC4 Multi-chip standalone "CryptoConnect ETS is an INFOConnect transport system that provides encryption of all data between Attachmate's PEP/UTS client and Unisys 2200/ClearPath/IX Systems."
76	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider (Version 5.0.2150.1) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Software	11/09/1999; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 (operated in single-user mode). -FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed) -Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
75	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider (Version 5.0.1877.6 and 5.0.1877.7) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Software	11/09/1999; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (operated in single-user mode). -FIPS-approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed) -Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
74	RedCreek Communications 3900 Newpark Mall Rd Newark, CA 94056 USA -Nicholas Brigman, Product Marketing TEL: 510-795-6919	Personal Ravlin (Hardware v08; Firmware v3.32 Standard) (For services provided by the listed FIPS-approved algorithms) Validated to FIPS 140-1 Security Policy	Hardware	11/04/1999	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #22) -Other algorithms: DES (Cert. #53); MD5 Multi-chip standalone "The Personal Ravlin is a cost-effective network security solution. It addresses the needs of individual remote users who access corporations via cable, xDSL, and ISDN modems. It is also an ideal solution for network administrators who seek to establish private communications within a corporate intranet by providing security at the desktop level."
73	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ-L (Firmware v1.25 and v1.26) Validated to FIPS 140-1 Security Policy	Hardware	10/25/1999; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
72	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ-H (Firmware v1.25 and v1.26) Validated to FIPS 140-1 Security Policy	Hardware	10/25/1999; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -Software Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
71	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Frame Encryptor CFE-L (Firmware v4.02 and v4.04; Hardware revisions 4 and 5) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/13/1999; 12/04/2003; 10/18/2004	Overall Level: 3  -Module Interfaces: Level 3* -Roles and Services: Level 3* *(Level 3 - Console interface disabled; Level 2 - Console interface enabled.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
70	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Frame Encryptor CFE-H (Firmware v4.02 and v4.04; Hardware revisions 4 and 5) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/13/1999; 07/18/2002; 12/04/2003; 10/18/2004	Overall Level: 3  -Module Interfaces: Level 3* -Roles and Services: Level 3* *(Level 3 - Console interface disabled; Level 2 - Console interface enabled.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
69	Mykotronx, Inc. 357 Van Ness Way Suite 200 Torrance, CA 90501 USA -Kevin Cook TEL: 310-533-8100 FAX: 310-533-0527	FORTEZZA Crypto Card (Part Number 650000-2) Validated to FIPS 140-1 Security Policy Vendor Product Link	Hardware	09/13/1999	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2) -Other algorithms: KEA Multi-chip standalone "The Mykotronx FORTEZZA card is a PC Card hardware token for advanced cryptography and authorization methods. The card incorporates the National Security Agency-certified CAPSTONE RISC-based cryptographic processor."
68	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	Base Cryptographic Provider, Enhanced Cryptographic Provider, Base DSS Cryptographic Provider, and DSS/Diffie-Hellman Enchanced Cryptographic Provider (Version 5.0.1877.6 and 5.0.1877.7) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Software	09/13/1999; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 6 (operated in single-user mode). -FIPS-approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed) -Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
67	Admiral Secure Products, Ltd. 866 Mantle Crescent Mississauga, Ontario L5V 2G3 Canada -Alex Chartier TEL: 905-542-3351	CERTIFAX Fax Encryptor CF3102 (ID: firmware version 2.21) (When operated in FIPS mode using the listed FIPS-approved algorithms, and Triple DES not valid for FS1000 interoperability) Validated to FIPS 140-1 Security Policy	Firmware	09/13/1999; 10/24/2002	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: SHA-1 (Cert. #15) -Other algorithms: DES (Cert. #42); Triple-DES (allowed for US and Canadian Government use); ECDSA; ECMQV2; Discrete Log Diffie-Hellman (key agreement) Multi-chip standalone "CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks. The CF3102 also implements a non-FIPS mode for communications with Certicom's Legacy Fax Secret 1000 fax encryptor."
66	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan C. Asenjo TEL: 888-744-4976 x6202 FAX: 954-888-6211	Datacryptor® 2000 (DC2K) Link / Channelized / Frame Relay (Hardware Version Issue 2 Motherboard; Software Version 1.02.36) (When key zeroization is enabled) Validated to FIPS 140-1 Security Policy Vendor Product Link	Hardware	09/08/1999; 01/08/2003; 05/19/2003; 10/13/2005	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #24) -Other algorithms: DES (Cert. #57); Triple-DES (allowed for US and Canadian Government use), Diffie-Hellman (key agreement) Multi-chip standalone "The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
65	RedCreek Communications 3900 Newpark Mall Rd Newark, CA 94056 USA -Nicholas Brigman, Product Marketing TEL: 510-795-6919	Ravlin 10 (Hardware v 09; Software v 3.32 Radius) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	09/08/1999	Overall Level: 2  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #22) -Other algorithms: DES (Cert. #53); Triple-DES (allowed for US and Canadian Government use), MD5 Multi-chip standalone "The Ravlin 10/5100 is a network security solution that performs encryption and decryption with a throughput of the theoretical maximum of Ethernet (or wire speed). Network administrators use it to establish private communications within secure intranets (between corporate divisions, workgroups, branch offices, and individuals) or within secure extranets (between customers, suppliers, and strategic partners). This may be done over private or public IP networks."
64	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Cryptographic SDK (Version 1.5) (When operated in FIPS mode using the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Software	08/26/1999; 02/20/2003; 03/07/2008; 07/28/2008	Overall Level: 2  -Operating System Security: Tested as meeting Level 2 with Compaq DeskPro 5/166 w/ WindowsNT Workstation 3.51 w/ Service Pack 4 (ITSEC-rated). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #20) -Other algorithms: DES (Cert. #40); Triple-DES (allowed for US Government use), RSA, El Gamal, CAST5, IDEA, MD5, RIPEMD60, HMAC, Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK provides all cryptographic and key management functionality for the PGP suite of products, including PGP Desktop Security, PGPnet VPN Client, PGPdisk and the PGP Certificate Server. This is a high-level toolkit for use with C/C++ applications on Windows. It also supports PGP/MIME, TLS, Certificate Server management, LDAP, and Blakely-Shamir Key Splitting, as well as many user interface components for simple integration into other applications. PGP SDK implements only strong cryptography, and the source code is published in book form for peer review."
63	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954B Cryptographic iButton™ (ID: B7-V1.02) (When using vendor-initialized SHA-1 in transaction group 1 NOTE: This validation is superseded by validation certificate #80.) Validated to FIPS 140-1 Security Policy	Hardware	08/26/1999	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone "Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
62	Francotyp-Postalia Triftweg 21-26 Birkenwerder, D-16547 Germany -Andreas Wagner	Francotyp-Postalia Security Module (FPSM) (Software Version 1.1; Hardware Version 1.0) (When operated in FIPS mode using using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	08/17/1999	Overall Level: 2  -Physical Security: Level 3 -Key Management: Level 3 -Module Interfaces: Level 3 -Software Security: Level 3 -Self Tests: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: -Other algorithms: DES (Cert. #59); Triple-DES (allowed for US Government use) Multi-chip embedded "The FPSM is a multi-chip embedded cryptomodule. The FPSM is embedded in Postage Meters and provides security services to support the secure accounting and cryptographic functions necessary to implement a value evidencing apparatus."
61	Kasten Chase Applied Research, Ltd. 5100 Orbitor Drive Mississauga, Ontario L4W 4Z4 Canada -Cyril Fernandes TEL: 905-238-6900 x3310 FAX: 905-212-2003	Palladium Secure Modem / FORTEZZA CryptoCard (Hardware Version 1.5; Software Version p1.81) Validated to FIPS 140-1 Security Policy	Hardware	08/11/1999	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2) -Other algorithms: Multi-chip standalone
60	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984	DSS/Diffie-Hellman Enhanced Cryptographic Provider (Version 5.0.1998.1) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Software	08/05/1999; 10/15/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 4 (operated in single-user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #17) -Other algorithms: DES (Cert. #45); Triple-DES (allowed for US Government use); RC2, RC4, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Microsoft's DSSENH is a general-purpose software-based cryptographic module. It provides services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
59	Admiral Secure Products, Ltd. 866 Mantle Crescent Mississauga, Ontario L5V 2G3 Canada -Alex Chartier TEL: 905-542-3351	CERTIFAX Fax Encryptor CF3002 and CF3003 (ID: firmware version 2.20) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Firmware	08/05/1999; 10/24/2002	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: SHA-1 (Cert. #15) -Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2; Discrete Log Diffie-Hellman (key agreement) Multi-chip standalone "CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
58	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 Canada -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	LunaCA³ (Firmware versions 3.2, 3.9 and 3.93) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	08/05/1999; 09/14/2001; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, MD2, MD5; Diffie-Hellman (key agreement) Multi-chip standalone
57	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	LunaCA (Firmware version 3.2) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	08/05/1999; 10/18/2004	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "LunaCA is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. LunCA is a token based on the PCMCIA standard - now known as PC Card."
56	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna2 (Firmware versions 3.2 and 3.9) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	08/08/1999; 09/14/2001; 10/18/2004	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5; Diffie-Hellman (key agreement) Multi-chip standalone "Luna2 is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. Luna2 is a token based on the PCMCIA standard - now known as PC Card."
55	Admiral Secure Products, Ltd. 866 Mantle Crescent Mississauga, Ontario L5V 2G3 Canada -Alex Chartier TEL: 905-542-3351	Elliptic Curve Security Module (CLv) (Hardware version R4, firmware version R1.4.1) Validated to FIPS 140-1 Security Policy	Hardware	06/21/1999; 10/24/2002	Overall Level: 2  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #19) -Other algorithms: DES (Cert. #51); Triple-DES (allowed for US Government use); EC-DH Multi-chip embedded
54	TimeStep Corporation 359 Terry Fox Dr Kanata, Ontario K2K 2E7 Canada -Brett Howard TEL: 613-599-3610 x4554 FAX: 613-599-3617	PERMIT/Gate 2520™ Cryptographic Module (Hardware version 1.20) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	06/15/1999	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #21) -Other algorithms: DES; Triple-DES (allowed for US Government use), MD5 Multi-chip standalone "PERMIT/Gate 2520(TM) is a high-speed VPN component of the PERMIT(TM) Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 2520 has 4Mbps throughput."
53	TimeStep Corporation 359 Terry Fox Dr Kanata, Ontario K2K 2E7 Canada -Brett Howard TEL: 613-599-3610 x4554 FAX: 613-599-3617	PERMIT/Gate 4520™ Cryptographic Module (Hardware version 1.20) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	06/15/1999	Overall Level: 2  -Software Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #21) -Other algorithms: DES; Triple-DES (allowed for US Government use), MD5 Multi-chip standalone "PERMIT/Gate 4520(TM) is a high-speed VPN component of the PERMIT(TM) Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 4520 has 10Mbps throughput. The 4520 is the same as the 2520, except that the 4520 has a faster CPU, running at a higher bus frequency."
52	Admiral Secure Products, Ltd. 866 Mantle Crescent Mississauga, Ontario L5V 2G3 Canada -Alex Chartier TEL: 905-542-3351	CERTIFAX Fax Encryptor CF3001 (ID: firmware version 2.2) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	06/15/1999; 10/24/2002	Overall Level: 3  -Self Tests: Level 4 -FIPS-approved algorithms: SHA-1 (Cert. #15) -Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2 Multi-chip standalone "CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
51	Pitney Bowes, Inc. 1 Elmcroft Rd Stamford, CT 06926-0700 USA -Frederick W. Ryan, Jr. TEL: 203-924-3500 FAX: 203-924-3385	Clickstamp (Part #P200, Version AAA; Version AAB - 03/15/2000) (Validated only for the DES MAC authenticated services: Credit, Put IBIP Data, and Zeroize Keys) Revoked DES Transition Ended Security Policy	Hardware	05/10/1999	Overall Level: 3  -FIPS-approved algorithms: SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #35); RSA Multi-chip standalone "The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
50	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	BSAFE Crypto-C Toolkit, Version 4.11 (Software Version 4.11) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Software	04/29/1999; 01/04/2008	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #18) -Other algorithms: DES (Cert. #46); Triple-DES (allowed for US Government use), RSA, MD2, MD5, HMAC, DESX, RC2, RC4, Elliptic Curve (F2&Fp), Elliptic Curve Encryption Scheme, Elliptic Curve DSA; Bloom-Shamir Multi-chip standalone "Cryptographic Toolkit provides cryptographic services to calling applications."
49	Intel Network Systems, Inc. 2 Eva Road Suite 220 Toronto, Ontario M9C 2A8 Canada -Robert Eng TEL: 416-622-8987 FAX: 416-622-7577	LAN Rover VPN Gateway (LRVG) V6.59 (Firmware version V6.59) Validated to FIPS 140-1 Security Policy	Hardware	04/28/1999	Overall Level: 2  -Software Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #18) -Other algorithms: DES; Triple-DES (allowed for US Government use) Multi-chip standalone "The LRVG is a network packet encryption device which incorporates firewall and tunneling functionality compatible with a variety of protocols over Ethernet, V.35, and RS-232."
48	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	FORTEZZA Crypto Card (Hardware Version 0.1, Firmware v0.5, v0.6 and v0.7) Jumbo FORTEZZA Crypto Card (Hardware Version 0.2, Firmware vA1) Validated to FIPS 140-1 Security Policy	Hardware	04/23/1999; 05/14/2001; 06/18/2003	Overall Level: 2  -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: KEA Multi-chip standalone "SPYRUS's FORTEZZA is a PC Card that is used to provide cryptographic services."
47	Netscape Communications Corporation 6905 Rockledge Dr Suite 820 Bethesda, MD 20817 USA -Ed Hicks TEL: 301-571-3900 -Mitch Green	Netscape Security Module 1.01 (ID: fipscm_v1.01) (When operated in FIPS mode) Validated to FIPS 140-1 Not Available Security Policy	Software	03/17/1999	Overall Level: 2  -Physical Security: Level 2 met when correctly implementing the tamper evident mechanism specified in the security policy. -Operating System Security: Tested as meeting Level 2 with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed) -Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use), RC2, RC4, MD2, MD5 Multi-chip standalone "Security module used in various Netscape products."
46	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Metering Device (LMD) (Firmware version 9012) Validated to FIPS 140-1 Security Policy	Hardware	03/17/1999	Overall Level: 2  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: Multi-chip standalone
45	Netscape Communications Corporation 6905 Rockledge Dr Suite 820 Bethesda, MD 20817 USA -Ed Hicks TEL: 301-571-3900 -Mitch Green	Netscape Security Module 1.01 (ID: fipscm_v1.01) (When operated in FIPS mode) Validated to FIPS 140-1 Not Available Security Policy	Software	03/17/1999	Overall Level: 1  -Operating System Security: meets Level 1 for WindowsNT 4.0 workstation (operated in single user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed) -Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use), RC2, RC4, MD2, MD5 Multi-chip standalone "Security module used in various Netscape products."
44	M/A Com, Inc. 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -John Casler TEL: 434-455-6600 FAX: 434-455-6851	Aegis MR-K I and II System/Scan Radios VHF range: 136-174 MHz UHF range: 378-500 MHz 800 range: 806-870 MHz (Hardware Versions: PK1GEXE, PK1PEXE, PK1XEXE, PK18EXE, PK2GEXE, PK2PEXE, PK2XEXE, PK28EXE, PK3GEXE, PK3PEXE, PK3XEXE, PK38EXE, (SYSTEM) PK2NEXE, (SCAN) PK3NEXE; Software Load: CXC 112 1279/1, Version: M2G30408) Revoked DES Transition Ended Security Policy	Hardware	03/04/1999; 11/16/2001; 12/06/2001; 04/05/2002; 03/07/2003; 03/13/2003	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES (04/22/1994) Multi-chip standalone "The M-RK II System/Scan (AEGIS) and M-RK I handheld personal portable two-way FM radio is a high-quality, high performance FM radio. The radio is synthesized and operates in both trunked (EDACS™) and conventional communications systems. The trunked mode allows selection of either a communications group or an individual radio within a system. Both the selected group and the individual radio are secured through AEGIS digital signaling and DES encryption."
43	SafeNet, Inc. 4690 Millennium Drive Suite 300 Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Turbo Crypto Card (TCC), v09, 14.04 (Part#: AB-14094-050-09) Validated to FIPS 140-1 Security Policy	Hardware	02/17/1999; 12/04/2003; 10/18/2004	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11and #20); Diffie-Hellman (key agreement) Multi-chip embedded "Turbo Crypto Card is used in a variety of Cylink's host encryption products, including the Secure Frame Unit (SFU) and the Secure Domain Unit (SDU)."
42	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dr. Stephen Kovacs TEL: 813-288-7388 x119 FAX: 813-288-7389	Segmented NetFortress™ GVPN-S (Version - 1) (When factory configured in FIPS mode and using Triple-DES) Validated to FIPS 140-1 Security Policy	Hardware	01/27/1999	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: -Other algorithms: DES (Cert.#23); Triple-DES (allowed for US Government use), IDEA Multi-chip standalone "VPN Encryptor."
41	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954B Cryptographic iButton™ (ID: B4-V1.02) (When using vendor-initialized SHA-1 in transaction group 1) Validated to FIPS 140-1 Security Policy	Hardware	01/26/1999	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone "Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
40	IBM® Corporation 2455 South Rd Mail Station P371 Poughkeepsie, NY 12601-5400 USA -Clark D. Norberg TEL: 845-435-6434 FAX: 845-435-1858 -Phil C. Yeh	IBM S/390 CMOS Cryptographic Coprocessor (ID: IBM Part #s 88H3637 and 29L3659) (When configured for External Key Entry) Validated to FIPS 140-1 Security Policy	Hardware	01/07/1999	Overall Level: 4  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #4, 12); RSA (internal use) -Other algorithms: DES (Certs. #7 and 29); Triple-DES (allowed for US Government use); CDM; MDC-2; MDC-4; D-H key agreement; ANSI: X3106, X99, X919 Single-chip "Encryption module for S/390 CMOS Enterprise Server family."
39	Chrysalis-ITS, Incorporated One Chrysalis Way Ottawa, Ontario K2G 6P9 Canada -Bill Cullen TEL: 613-723-5077 FAX: 613-723-5069	Luna2 (Firmware version 2.2) (For services provided by the listed FIPS-approved algorithms and using Triple-DES) Validated to FIPS 140-1 Security Policy	Hardware	12/08/1998	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5, RSA; D-H key agreement Multi-chip standalone "Luna2 is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. Luna2 is a token based on the PCMCIA standard - now known as PC Card."
38	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	LunaCA (Firmware version 2.2) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	12/08/1998; 10/18/2004	Overall Level: 2  -Software Security: Level 3 -Self Tests: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5, RSA; D-H key agreement Multi-chip standalone "LunaCA is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. LunCA is a token based on the PCMCIA standard - now known as PC Card."
37	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Jennifer Mitchell TEL: 847-576-7251	KVL 3000 (Firmware version 1.5) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	11/25/1998	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: -Other algorithms: DES (Cert. #5); DES-XL, DVP-XL, DVI-XL, DVI-XL SPFL Multi-chip standalone
36	Litronic, Inc. 2030 Main St Suite 1250 Irvine, CA 92614 USA -Robert Gray TEL: 949-851-1085 FAX: 949-851-8588	Argus/300 Security Adapter (PN's 050-1038 and 024-0300 rev. B) Validated to FIPS 140-1 Security Policy	Hardware	11/25/1998; 05/14/2004	Overall Level: 3  -FIPS-approved algorithms: SHA-1 (Cert. #41) -Other algorithms: DES (Cert. #254) Multi-chip embedded "Cryptographic Module and Smart Card Reader."
35	IBM® Corporation 2455 South Rd Mail Station P339 Poughkeepsie, NY 12601-5400 USA -Helmy El-Sherif TEL: 845-435-7033 FAX: 845-435-4092	IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1) (ID: PN IBM 4758-001, Miniboot 0 version B, Miniboot 1 version B) (When configured for DSS Authentication) Validated to FIPS 140-1 Security Policy	Hardware	11/25/1998	Overall Level: 4  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #16) -Other algorithms: DES (Cert. #41); Triple-DES (allowed for US Government use), RSA Multi-chip embedded "The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software."
34	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nFast nF75KM 1C, nF150KM 1C, and nF300KM 1C Cryptographic Accelerators (Firmware v1.33.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	11/18/1998	Overall Level: 2  -Module Interfaces: Level 3 -Roles and Services: Level 2* -Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 2* -Key Management: Level 2* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; D-H key agreement Multi-chip standalone "The firmware is used in the nFast series of devices and has been validated on the nFast nF75KM 1C, nF150KM 1C, and nF300KM 1C Cryptographic Accelerators."
33	Fortress Technologies, Inc. 4025 Tampa Road Suite 1111 Oldsmar, FL 34677 USA -Dr. Stephen Kovacs TEL: 813-288-7388 x119 FAX: 813-288-7389	NetFortress™ GVPN (Version - 1) (When factory configured in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	11/18/1998	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: DES (Cert. #23); Triple-DES (allowed for US Government use), IDEA Multi-chip standalone "VPN Encryptor."
32	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954B Cryptographic iButton™ (ID: B4-V1.02) (When using vendor-initialized SHA-1 in transaction group 1 NOTE: This validation has been superseded by validation certificate #41, which meets an Overall Level 3.) Validated to FIPS 140-1 Security Policy	Hardware	10/28/1998	Overall Level: 2  -Physical Security: Level 3 +EFP -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5, RSA Multi-chip standalone "Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
31	Neopost Ltd. 30955 Huntwood Ave. Hayward, CA 94544-7084 USA -Neil Graver TEL: 510-489-6800	PostagePlus™ Client Communication Module (Version 1.0) Validated to FIPS 140-1 Security Policy	Software	10/28/1998	Overall Level: 1  -Operating System Security: Tested as meeting Level 1 for Windows95 -FIPS-approved algorithms: SHA-1 (Cert. #12) -Other algorithms: DES (Cert. #38); Triple-DES (allowed for US Government use), RSA Multi-chip standalone "This module is part of the PostagePlus(TM) system that provides security services to support the secure accounting and cryptographic functions required to implement the United States Postal Service's Information-Based Indicia Program."
30	Pitney Bowes, Inc. 1 Elmcroft Rd Stamford, CT 06926-0700 USA -Frederick W. Ryan, Jr. TEL: 203-924-3500 FAX: 203-924-3385	PC Meter Cryptographic Module (Part #P200V, Version ABB) (Validated only for the DES MAC authenticated services: Credit, Put IBIP Data, and Zeroize Keys) Revoked DES Transition Ended Security Policy	Hardware	10/02/1998	Overall Level: 3  -FIPS-approved algorithms: SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #35); RSA Single-chip "The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
29	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	LunaCA³ (Firmware version 2.2) (For services provided by the listed FIPS-approved algorithms and using Triple DES) Validated to FIPS 140-1 Security Policy	Hardware	10/02/1998; 10/18/2004	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #13) -Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, MD2, MD5, RSA; Diffie-Hellman (key agreement) Multi-chip standalone
28	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nFast nF75CA 00, nF150CA 00, and nF300CA 00 Cryptographic Accelerators (Firmware v1.33.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/22/1998	Overall Level: 3  -Roles and Services: Level 3* -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The firmware is used in the nFast series of devices and has been validated on the nFast nF75CA 00, nF150CA 00, and nF300CA 00 Cryptographic Accelerators."
27	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nFast nF75CA 1C, nF150CA 1C, and nF300CA 1C Cryptographic Accelerators (Firmware v1.33.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	09/22/1998	Overall Level: 3  -Roles and Services: Level 3* -Self Tests: Level 3* -Key Management: Level 3* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The firmware is used in the nFast series of devices and has been validated on the nFast nF75CA 1C, nF150CA 1C, and nF300CA 1C Cryptographic Accelerators.."
26	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ-L (Firmware v1.03 and v1.04) Validated to FIPS 140-1 Security Policy	Hardware	09/11/1998; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
25	SafeNet, Inc. 4690 Millennium Drive Suite 300 Raleigh, Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Cylink Link Encryptor NRZ-H (Firmware v1.03 and v1.04) Validated to FIPS 140-1 Security Policy	Hardware	09/11/1998; 12/04/2003; 10/18/2004	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US Government use); Diffie-Hellman (key agreement) Multi-chip standalone "Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
24	V-ONE Corporation, Inc. 20250 Century Blvd Suite 300 Germantown, MD 20874 USA -Tim Armstrong TEL: 301-515-5200 x5394	SmartPass Virtual Cryptographic Authentication Token (VCAT) (Version 3.2) Validated to FIPS 140-1 Security Policy Vendor Product Link	Software	09/11/1998; 06/18/2003	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 for Microsoft Windows95. -FIPS-approved algorithms: SHA-1 (Cert.#10) -Other algorithms: DES Multi-chip standalone
23	GTE Internetworking 70 Fawcett St. Cambridge, MA 02140 USA -John Lowry TEL: 617-873-2435	SafeKeyper™ Signer (Release 4p) (When initialized to DSA) Validated to FIPS 140-1 Security Policy	Hardware	09/11/1998	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #9) -Other algorithms: DES (Cert. #22); RSA, MD2, MD5, Shamir Secret-sharing Algorithm Multi-chip standalone
22	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Metering Device (LMD) Validated to FIPS 140-1 Security Policy	Hardware	08/13/1998	Overall Level: 2  -Physical Security: Level 3 +EFT -EMI/EMC: Level 3 -FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1) -Other algorithms: Multi-chip standalone
21	nCipher Corporation Ltd. 100 Unicorn Park Dr Woburn, MA 01801-3371 USA -Greg Dunne TEL: 978-691-6487 FAX: 978-687-4442	nFast nF75KM 00, nF150KM 00, and nF300KM 00 Cryptographic Accelerators (Firmware v1.33.1) (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Hardware	08/13/1998	Overall Level: 2  -Module Interfaces: Level 3 -Roles and Services: Level 2* -Software Security: Level 3 -EMI/EMC: Level 3 -Self Tests: Level 2* -Key Management: Level 2* *(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #11) -Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement) Multi-chip standalone "The firmware is used in the nFast series of devices and has been validated on the nFast nF75KM 00, nF150KM 00, and nF300KM 00 Cryptographic Accelerators."
20	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, v4.0 (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	07/30/1998; 07/18/2002	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 for Windows95 and WindowsNT 4.0 workstation (operated in single user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #10) -Other algorithms: DES (Cert. #1); DES MAC; Triple-DES (allowed for US Government use); RC2; MD5; MD2; HMAC-SHA-1; HMAC-MD5; RSA; CAST; CAST3; CAST5; Diffie-Hellman (key agreement) Multi-chip standalone "This module is used in the Entrust family of products."
19	Dallas Semiconductor, Inc. 4401 Beltwood Pkwy Dallas, TX 75244-3292 USA -Mr. Dennis Jarrett TEL: 972-371-4416	DS1954 Cryptographic iButton™ (ID: A7-V1.01) (When using vendor-initialized SHA-1 in transaction group 1 NOTE: This validation has been superseded by validation certificate #41, which meets an Overall Level 3.) Validated to FIPS 140-1 Security Policy	Hardware	06/29/1998	Overall Level: 2  -Physical Security: Level 3 +EFP -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #8) -Other algorithms: MD5; RSA Multi-chip standalone "Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
18	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, v3.1 (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	05/11/1998; 07/18/2002	Overall Level: 1  -EMI/EMC: Level 3 -Operating System Security: Tested as meeting Level 1 for Windows95 and WindowsNT 4.0 workstation (operated in single user mode). -FIPS-approved algorithms: DSA/SHA-1 (Cert. #10) -Other algorithms: DES (Cert. #1); DES MAC; Triple-DES (allowed for US Government use); RC2; MD5; MD2; RSA; CAST; CAST3; CAST5; Diffie-Hellman (key agreement) Multi-chip standalone "This module is used in the Entrust family of products."
17	GTE Internetworking 70 Fawcett St. Cambridge, MA 02140 USA -John Lowry TEL: 617-873-2435	SafeKeyper™ Signer (Release 4) (When initialized to DSA. NOTE: This module has been superseded by Certificate #23.) Validated to FIPS 140-1 Not Available Security Policy	Hardware	05/11/1998	Overall Level: 3  -FIPS-approved algorithms: DSA/SHA-1 (Cert. #9) -Other algorithms: DES (Cert. #22); RSA; MD2; MD5; Shamir Secret-sharing Algorithm Multi-chip standalone
16	Transcrypt International 4800 NW 1st St Lincoln, NE 68521 USA -Jim Gilley TEL: 402-474-4800 FAX: 402-474-4858	SC20-DES (v1.0) Revoked DES Transition Ended Security Policy	Hardware	04/15/1998	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: -Other algorithms: DES (Cert. #19) Single-chip "Encryption module for land mobile radios."
15	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO XTS 3000 Subscriber Encryption Module (Release R 3.0) (When operated in FIPS mode by selecting the DES algorithm and setting OTAR to inhibited) Revoked DES Transition Ended Security Policy	Hardware	01/30/1998	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: -Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL Multi-chip standalone "The ASTRO XTS 3000 radio provides portable analog and digital two-radio communications in trunked and conventional radio systems. It is capable of supporting 12.5 kHz digital channels as well as 25 kHz and 30 kHz analog channels. The ASTRO XTS 3000 Subscriber Encryption Module Controller is available as an option for the ASTRO XTS 3000 radios to provide secure communication capabilities."
14	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO Subscriber Encryption Module (Release R 3.0) (When operated in FIPS mode by selecting the DES algorithm and setting OTAR to inhibited) Revoked DES Transition Ended Security Policy	Hardware	01/30/1998	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: -Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL Multi-chip standalone "The ASTRO Saber radio provides portable analog and digital two-radio communications in trunked and conventional radio systems. The ASTRO Spectra radio provides analog and digital two-radio communications in trunked and conventional mobile radio systems. They are each capable of supporting 12.5 kHz digital channels as well as 25 kHz and 30 kHz analog channels."
13	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO-TAC Digital Interface Unit (DIU) Encryption Module Controller (EMC) (Version 3.0) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	01/30/1998	Overall Level: 1  -Roles & Services: Level 2 -FIPS-approved algorithms: -Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL Multi-chip standalone "The ASTRO DIU provides an interface between an analog console and an ASTRO base station or ASTRO-TAC comparator for ASTRO clear and analog two-way radio communications. The DIU EMC is available as an option with ASTRO DIUs to provide encryption capability. The DIU will then support ASTRO encrypted two-way radio communications."
12	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Joel Rieger TEL: 410-931-7500 FAX: 410-931-7524	SafeNet/Dial Secure Modem (Firmware version 2.0) (When operated in 'user with authentication' mode) Revoked DES Transition Ended Security Policy	Hardware	12/08/1997; 10/18/2004	Overall Level: 2  -EMI/EMC: Level 3 -Roles and Services: Strongest authentication provided when operated in conjunction with the SafeNet/Security Center. -FIPS-approved algorithms: -Other algorithms: DES; ATLAS Multi-chip standalone
11	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	Radio Network Controller Encryption Module Controller (RNC EMC) (Firmware version D01.00.00) (When operated in FIPS mode by selection of the DES algorithm) Revoked DES Transition Ended Security Policy	Hardware	11/12/1997	Overall Level: 1  -Module Interfaces: Level 3 -FIPS-approved algorithms: -Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DVI-SPFL Multi-chip standalone "The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
10	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	Turbo Crypto Card (TCC), v09 (Part#: AB-14094-010-09) Validated to FIPS 140-1 Security Policy	Hardware	11/12/1997; 10/18/2004	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA/SHA-1 (Cert. #5) -Other algorithms: DES (Certs. #11 and #12); Diffie-Hellman Multi-chip embedded "Turbo Crypto Card is used in a variety of Cylink's host encryption products, including the Secure Frame Unit (SFU) and the Secure Domain Unit (SDU)."
9	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Glenn Constable TEL: 919-462-1900 x212 FAX: 919-462-1933	SafeNet/LAN VPN Encryptor (Firmware version 2.0) Revoked DES Transition Ended Security Policy	Hardware	11/12/1997; 10/18/2004	Overall Level: 2  -Roles and Services: Strongest authentication provided when operated in conjunction with the SafeNet/Security Center. -FIPS-approved algorithms: -Other algorithms: DES; ATLAS Multi-chip standalone
8	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Randy Kun TEL: 613-723-5077 FAX: 613-723-5078	Luna 1 PCMCIA Token (Firmware version 1.19) (When operated in FIPS mode for encryption, decryption, and random number generation) Validated to FIPS 140-1 Security Policy	Hardware	10/29/1997; 10/18/2004	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: SHA-1 (Cert. #7) -Other algorithms: DES (Cert. #13); Triple-DES (allowed for US Government use); CAST; CAST3; MD2; MD5; RSA Multi-chip standalone "Chrysalis' Luna 1 is a PC Card that is used to provide generation and storage of symmetric and asymmetric keys, storage of Certificates, and random number generation. It can support up to 15 different users."
7	Netscape Communications Corporation 6905 Rockledge Dr Suite 820 Bethesda, MD 20817 USA -Ed Hicks TEL: 301-571-3900 -Mitch Green	Netscape Security Module 1 (ID: fipscm_v1) (When operated in FIPS mode for secure e-mail, certificate management, and password management) Validated to FIPS 140-1 Not Available Security Policy	Software	08/29/1997	Overall Level: 2  -Physical Security: Level 2 met when correctly implementing the tamper evident mechanism specified in the security policy. -Operating System Security:Tested as meeting Level 2 with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated), and Level 1 for Microsoft WindowsNT 4.0 workstation (operated in single user mode) -FIPS-approved algorithms: DSA/SHA-1 (Cert. #3) -Other algorithms: DES (Certs. #6 and #10); RSA; RC4; RC5; MD2; MD5 Multi-chip standalone "Security module used in various Netscape products."
6	Mykotronx, Inc. 357 Van Ness Way Suite 200 Torrance, CA 90501 USA -Kevin Cook TEL: 310-533-8100 FAX: 310-533-0527	Palladium Fortezza Crypto Card (Part Number 650000) Validated to FIPS 140-1 Security Policy Vendor Product Link	Hardware	06/11/1997	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: DSA; SHA-1; Skipjack -Other algorithms: KEA Multi-chip standalone
5	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	FORTEZZA Crypto Card, v0.2 Validated to FIPS 140-1 Security Policy	Hardware	02/07/1997	Overall Level: 2  -FIPS-approved algorithms: DSA; SHA-1; Skipjack -Other algorithms: KEA Multi-chip standalone "SPYRUS's FORTEZZA is a PC Card that is used to provide cryptographic services."
4	National Semiconductor Corporation (This cryptomodule and NSC's Fortezza business unit have been discontinued.)	Fortezza PCMCIA Encryption Module (Part Number: 990010947-200) Validated to FIPS 140-1 Security Policy	Hardware	10/24/1996	Overall Level: 2  -FIPS-approved algorithms: DSA; SHA-1; Skipjack -Other algorithms: KEA Multi-chip standalone
3	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, V2.4 (When operated in FIPS mode) Validated to FIPS 140-1 Security Policy	Software	09/17/1996; 07/18/2002	Overall Level: 1  (for use with PCs) -FIPS-approved algorithms: DSA; SHA-1 -Other algorithms: DES; MD5; MD2; RSA; CAST; CAST3 Multi-chip standalone "This module is used in the Entrust family of products."
2	Motorola, Inc. Secure Design Center IL02 Room 0509A 1301 East Algonquin Rd Schaumburg, IL 60196 USA -Geoff Hobar TEL: 847-576-9066 FAX: 847-538-2770	ASTRO Subscriber Encryption Module (For ASTRO Radio Product Family: NTN7771D, NTN7772D, NTN7332D, NTN7331D) Revoked DES Transition Ended Security Policy	Hardware	01/19/1996	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: DES; Motorola DVP Multi-chip embedded "This module is used in the ASTRO Radio Product Family."
1	Entrust, Inc. 1000 Innovation Drive Ottawa, Ontario K2K 3E7 Canada -Pierre Boucher TEL: 613-270-2599 FAX: 613-270-2504	Entrust Cryptographic Kernel, V1.9 Validated to FIPS 140-1 Security Policy	Software	10/12/1995; 07/18/2002	Overall Level: 1  (for use with PCs) -FIPS-approved algorithms: DSA -Other algorithms: DES; CAST; RSA; MD5; MD2 Multi-chip standalone "This module is used in the Entrust family of products."